Setting up the firewall

How do I configure my firewall correctly?

Urs Rüedi
Asked on 15/03/2019 15:51
0
vote
13249 views

Firewall Settings:

  • Open UDP ports 5060 & 5061 inbound and outbound for IP range (SIP)
    • 159.69.91.196 (CIDR 159.69.91.196/32)
  • Open UDP ports 5064 & 5065 inbound and outbound for IP range (WebRTC)
    • 159.69.91.196 (CIDR 159.69.91.196/32)
  • Open UDP ports 10'000 - 32'768 inbound and outbound for IP range
    • 159.69.92.5 (CIDR 159.69.92.5/32)
  • UDP session timeout 600 sec.

Disable SIP ALG (Application Layer Gateway)
Enable SIP ALG on ZyXEL ZyWALL USG x00

ZyXEL USG60 series UTM router

How to Disable SIP ALG

Log into the router and navigate to Configuration -> Network -> ALG

Uncheck the following to disable SIP ALG:

  • Enable SIP ALG
  • Enable SIP Transformations
  • Enable Configure SIP Inactivity Timeout
  • Restrict Peer to Peer Signaling Connection
  • Restrict Peer to Peer Media Connection

Click the Apply button at the bottom of the page. A reboot should not be necessary, but if you’re still experiencing issues then it is a good idea to try rebooting the router and testing again.


Cisco EA6500

How to Disable SIP ALG

Log into the router and navigate to Connectivity -> Administration -> Application Layer Gateway

Uncheck the following to disable SIP ALG:

  • Enable SIP ALG

Click the Apply button at the bottom of the page. A reboot should not be necessary, but if you’re still experiencing issues then it is a good idea to try rebooting the router and testing again.


SonicWall TZ-SOHO

This guide was created using 6.5.0.1-14n firmware on a SonicWall TZ-SOHO series UTM router. FusionPBX is in the cloud with a public IP, and the SonicWall router is at the customer’s location with the extensions behind it.

How to set up Bandwidth Management

First, enable Global Bandwidth Management:

  • Log into the SonicWall and go to Security Configuration -> Firewall Settings -> Bandwidth Management
  • For Bandwidth Management Type, click the Global radio button.
  • This will enable BWM for all traffic.

Enable your required Priority levels. For voice traffic, we’ll enable the “0 Realtime” priority level.


The SonicWALL needs to be programmed with your available WAN interface bandwidth. You can go to beta.speedtest.net or similar to find your speed.

  • Log into the SonicWall and go to Network -> Interfaces. Edit your WAN Interface.
  • Click the Advanced tab, check both the Egress and Ingress boxes under Bandwidth Management.
  • Enter in your speed test values, and click OK


Now create your VOIP services. In this example we’ll use 5060TCP, 5060UDP, and 16384-32768UDP for voice traffic.

  • Go to Policies -> Objects -> Service Objects, and click Add.
  • Add objects for your VOIP services. On typical installs this would be 5060TCP/UDP and 16384-32768UDP.
  • Click on the Service Groups tab and add all of the services you’ve created to a group.


Next, set up an Object for your Cloud PBX:

  • Go to Policies -> Objects -> Address Objects, and click Add
  • Add your PBX to the WAN Zone assignment with your IP as the Host, or use FQDN if you prefer. If using multiple servers, add each one and create a group.


Now that we have our Service and Object, we can create a firewall rule and apply prioritization.

  • Go to Policies -> Rules -> Access Rules, and click Add.
  • Create a rule from the WAN to the LAN, using the VOIP services that you created, and your PBX as the source. Make sure the Enable SIP Transformation box is unchecked.
  • Click the BWM tab and check the Egress and Ingress boxes, with the desired priority level.


Save your settings and give it a try!

SonicWall TZ-SOHO SIP ALG

This guide was created for the SonicWall TZ-SOHO router with Firmware Version 6.5.0.1-14n. This has the newer GUI version and looks quite a bit different than the GUI that had been used in previous years. FusionPBX is in the cloud with a public IP, and the TZ-SOHO router is at the customer’s location with the extensions behind it.

How to Disable SIP ALG

  • Log into the router
  • Click the MANAGE tab at the top
  • On the left menu, go to System Setup -> VOIP
  • Check the “Enable consistent NAT” box
  • Uncheck the “Enable SIP Transformations” box
  • Click ACCEPT


Urs Rüedi
Answered on 15/03/2019 17:13
0
vote
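
The allow-list from the firewall settings in the answer above, written as a check that can be run over firewall log records to confirm the rules are neither wider nor narrower than listed. This is an added example, not part of the original post; the five-field record format, the sample lines and the `media` label are constructed for illustration.

```python
import ipaddress

# Allow-list from the post: (label, peer network, first port, last port), UDP only.
# The "media" label is assumed; the post does not name the third range.
POLICY = [
    ("SIP", ipaddress.ip_network("159.69.91.196/32"), 5060, 5061),
    ("WebRTC", ipaddress.ip_network("159.69.91.196/32"), 5064, 5065),
    ("media", ipaddress.ip_network("159.69.92.5/32"), 10000, 32768),
]

# Constructed records: direction, protocol, peer IP, port, firewall action.
SAMPLE_LOG = [
    "in udp 159.69.91.196 5060 allow",
    "out udp 159.69.92.5 16384 allow",
    "in udp 203.0.113.50 5060 allow",   # VoIP port reachable from an unlisted peer
    "out udp 159.69.91.196 5065 drop",  # listed flow that the firewall blocks
    "in udp 159.69.92.5 9999 drop",
    "in udp 198.51.100.7 5060 drop",
]


def match_policy(proto, peer, port):
    """Return the label of the policy entry that permits this flow, or None."""
    if proto.lower() != "udp":
        return None
    addr = ipaddress.ip_address(peer)
    for label, net, lo, hi in POLICY:
        if addr in net and lo <= port <= hi:
            return label
    return None


def audit(log_lines):
    """Compare firewall decisions with the policy; return (line_no, finding) pairs."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        try:
            _direction, proto, peer, port, action = line.split()
            port = int(port)
            label = match_policy(proto, peer, port)
        except ValueError:  # wrong field count, bad port or bad address
            findings.append((n, "unparsable"))
            continue
        voip_port = proto.lower() == "udp" and any(lo <= port <= hi for _, _, lo, hi in POLICY)
        if action == "allow" and label is None and voip_port:
            findings.append((n, "too-broad"))  # rule admits a peer outside the list
        elif action == "drop" and label:
            findings.append((n, "blocked-" + label))  # rule missing or misordered
    return findings
```

A `too-broad` finding means a VoIP port is open to a peer outside the listed /32 ranges; a `blocked-` finding means a listed flow is not getting through.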

Statistics

Asked: 15/03/2019 15:51
Viewed: 13249 times
Last updated: 14/07/2020 13:02