Help with Entering VOIP co numbers into a SonicWall

Mitel told my company that their VOIP woes would be addressed by a SonicWall with certain settings.

I installed the SonicWall inside the Comcast modem/router. I haven't put the Comcast device into bridge or passthrough mode yet. Nor have I enabled the security features. I've got a bigger problem first.

I've been trying to input Mitel's settings, going all over the internet to learn, but this may be over my head. I've read all about how to do stuff in the QOS mapping page, and specifically tried to follow along on this page:

Configuring SonicWALL QoS

However, I never found a place where I could input the PORT or IP numbers in relation to DSCP numbers. The attached doc has Mitel's suggested changes. I DID turn off SIP and turn on Consistent NAT. But I don't know what to do with the IP numbers on top of page 2, and the numbers in the chart lower down.
I've probably bitten off more than I can chew. What do you think?

So, in my experience SonicWall has been the least friendly of any of the firewalls I have worked with when it comes to VoIP.

Your VoIP co numbers don't go anywhere near a firewall, so I am not sure I understand your question -

But what you need is for the VoIP Co IP addresses to be permitted to pass through (1-1 NAT) to your IPBX and usually support only ports 5060-5065 UDP for SIP and 10K-25K for RTP. As well as applying any QoS you want, realizing that QoS is only relevant to your internal LAN, as the ISP community totally ignores it.

It might help, although it is Asterisk orientated, but here is one of the better threads I have seen with respect to VoIP and SonicWall.

Good luck -
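
The allow-list the answer above describes, as an added example that is not part of the original thread: a small Python audit over constructed inbound rules that flags any rule reaching the PBX from a source outside the provider's addresses or on ports outside the quoted SIP and RTP ranges. The addresses, rule names and tuple layout are made up for illustration, and treating RTP as UDP is an assumption.

```python
import ipaddress

# Constructed values: documentation-range addresses, not taken from the thread.
PROVIDER_NETS = [ipaddress.ip_network("203.0.113.0/28")]
PBX_IP = ipaddress.ip_address("192.168.10.5")

# Port ranges quoted in the answer; UDP for RTP is an assumption.
ALLOWED = {"udp": [(5060, 5065), (10000, 25000)]}

# Constructed inbound allow rules:
# (name, source, destination, protocol, first port, last port)
RULES = [
    ("sip-from-provider", "203.0.113.0/28", "192.168.10.5", "udp", 5060, 5065),
    ("rtp-from-provider", "203.0.113.0/28", "192.168.10.5", "udp", 10000, 25000),
    ("sip-from-any", "0.0.0.0/0", "192.168.10.5", "udp", 5060, 5060),
    ("rtp-too-wide", "203.0.113.4/32", "192.168.10.5", "udp", 10000, 65535),
    ("web-server", "0.0.0.0/0", "192.168.10.80", "tcp", 443, 443),
]


def audit(rules):
    """Return (rule name, problem) pairs for rules that expose the PBX too widely."""
    findings = []
    for name, src, dst, proto, lo, hi in rules:
        # Only rules that forward traffic to the PBX are in scope.
        if ipaddress.ip_address(dst) != PBX_IP:
            continue
        # The source must sit entirely inside one of the provider's networks.
        src_net = ipaddress.ip_network(src)
        if not any(src_net.subnet_of(p) for p in PROVIDER_NETS):
            findings.append((name, "source not limited to provider addresses"))
        # The port span must fit inside one allowed range for that protocol.
        ranges = ALLOWED.get(proto, [])
        if not any(a <= lo and hi <= b for a, b in ranges):
            findings.append((name, "ports outside SIP/RTP ranges"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(RULES):
        print(f"{name}: {problem}")
```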

dgrrr (Author) Commented:
I apologize for not responding sooner - I didn't see that you had replied.

When you said, "Your VoiP co numbers don't go anywhere near a firewall", do you mean that the PORT, IP & DSCP numbers from MITEL don't need to be entered when configuring the SonicWall so it gives the VOIP traffic priority over internet browsing, email, etc?
dgrrr (Author) Commented:
My understanding is that the Mitel Port, IP and DSCP numbers were provided for the QoS settings specifically.

dgrrr (Author) Commented:
Based on your link, I have a more urgent question -- Do I need a SECOND switch and SECOND SonicWall port for the VOIP ethernet cables?

In other words -- right now, only 2 ethernet cables are plugged into the SonicWall. One runs from the Comcast modem to SonicWall WAN port X1. The other runs from SonicWall LAN port X0 to a 16 port SWITCH, which then services all the desktop computers and VOIP phones in the office. (One ethernet cable runs to each workstation, passing THROUGH the phone to the computer.)

MUST the ethernet cables to the VOIP phones be run through a DIFFERENT SONICWALL PORT than the computer ethernet cables? Meaning, do I need to run a 2nd cable to each workstation? And then have the desktops on one switch / SonicWall port X0, while the VOIP phones are on the 2nd switch / SonicWall port X2?
Not in my experience - What leads you to this thought?
dgrrr (Author) Commented:
I see -- I misunderstood the documentation, re: what a VLAN is.  I confused physical with virtual lan.  (Plus it just made more sense to me. I thought, how does the firewall identify what is VOIP traffic? The simplest way (in my head) is to physically wire all the VOIP traffic through a specific port.  And I kept reading how the different ports on a SonicWall can be configured to do different things, so....)

Anyway -- moving forward -- someone at Mitel sent the attached PDF tutorial, and I was able to follow it, mostly.  EXCEPT:
> When inputting "Option Objects", I have to enter "the MBG or teleworker IP". What is that? (Is that what the "Mitel Numbers" are for?)
> The tutorial is inconsistent -- does it matter whether an "Option Name" is "Mitel_TFTP" or "MitelTFTP"?
> Likewise should "MitelDSCP" be "0046" or "00046"? (4 digits, right?)
> Likewise under the VLAN's network interface menu, should I leave "enable 802.1 tagging" CHECKED? (tutorial has both ways)
> When I enable Egress / Ingress BWM, and input our bandwidth, is that ONLY for the one WAN interface? What about LAN or VLAN interfaces?
> As for global BWM / Bandwidth Management Type, I checked:
     "0 Realtime = 47% guaranteed / 100% max"
     "4 Medium = 53% guaranteed / 100% max"
               How much do these percentages matter?
> When entering "network - address objects", and it asks for "network", that's my chosen VLAN network "network identifier" which ends with "x.x.x.0", right?

Phew.  At least I'm getting closer.
What I've done with cases like yours is create a VLAN or even a second LAN zone where the phones would reside, then reserve a certain amount of bandwidth just for that side. That fixed the quality issues pretty quickly. Funny enough, Comcast was the ISP in the scenario that I worked with too.

If you do the second LAN zone scenario, and the phones are on outlets separate from the PCs, then you can use a separate switch.

Answering your questions that you asked straight on...
  • Mitel_TFTP vs MitelTFTP does not matter.
  • MitelDSCP should be "0046"
  • Yes, leave 802.1 tagging enabled.
  • Yes, BWM applies to the WAN interface.
  • Yes, the network is your VLAN network.