I need to prepare a XG106 (SFOS 17.5.6 MR-6) for VoIP: 3 internal SIP clients (on a local LAN 192.168.1.0/24) will connect with an external cloud PBX server (185.19.236/22) The VoIP provider has requested to make the following changes to the firewall: disable Stateful Packet Inspection (SPI) I suppose I do that with “s et advanced-firewall bypass-stateful-firewall-config add source_network 192.168.1.0 source_netmask 255.255.255.0 dest_network 185.19.236.0 dest_netmask 255.255.252.0 ” Should I add the complete LAN range or is it better to add only the 3 SIP client IP addresses? disable SIP Application Layer Gateway (SIP ALG) Do I do this by unloading the SIP system module? disable Strict Security Do they mean Strict Policy as in “ set advanced-firewall strict-policy off ”? Is that a good idea? I'm a novice on VoIP so all thoughts and advice are most welcome! Thanks Erik

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configuring an XG for VoIP

I need to prepare a XG106 (SFOS 17.5.6 MR-6) for VoIP: 3 internal SIP clients (on a local LAN 192.168.1.0/24) will connect with an external cloud PBX server (185.19.236/22)

The VoIP provider has requested to make the following changes to the firewall:

disable Stateful Packet Inspection (SPI)

I suppose I do that with “set advanced-firewall bypass-stateful-firewall-config add source_network 192.168.1.0 source_netmask 255.255.255.0 dest_network 185.19.236.0 dest_netmask 255.255.252.0”
Should I add the complete LAN range or is it better to add only the 3 SIP client IP addresses?
disable SIP Application Layer Gateway (SIP ALG)

Do I do this by unloading the SIP system module?
disable Strict Security

Do they mean Strict Policy as in “set advanced-firewall strict-policy off”?
Is that a good idea?

I'm a novice on VoIP so all thoughts and advice are most welcome!

Thanks

Erik

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 6 years ago

Hi,

doe three VoIP phones you shouldn't need to do any of that. You should be able to use a firewall rule that points at your ISP's PABX and sourced from your three VoIP phones using port 5060.

I have two VoIP phones at home that use different extra port ranges, but they are all handled by setup connection of the pghones. You might like to add a VoIP application and set the priority of the traffic in the MASQ settings on the firewall rule.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 6 years ago

Hi,

doe three VoIP phones you shouldn't need to do any of that. You should be able to use a firewall rule that points at your ISP's PABX and sourced from your three VoIP phones using port 5060.

I have two VoIP phones at home that use different extra port ranges, but they are all handled by setup connection of the pghones. You might like to add a VoIP application and set the priority of the traffic in the MASQ settings on the firewall rule.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 2ServeErik over 6 years ago in reply to rfcat_vk

Thanks for your reply Ian.

I'm glad to hear I can and should keep it simple. I'll try your suggestion.

Still one question though...

When you say:"You might like to add a VoIP application and set the priority of the traffic in the MASQ settings on the firewall rule"

Do you mean like applying an Application-based Traffic Shaping policy or setting a DSCP Marking? or both?
Can you elaborate on that please?

Thanks

Erik
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 6 years ago in reply to 2ServeErik

Hi Erik,

probably the best way is to include some screenshots from my XG.

Ian
Cancel
Vote Up 0 Vote Down

Cancel