'''Another thing to look at:
'''
''Customer firewalls with these security settings enabled cause call quality issues intermittently, with seemingly random frequency.
''
1. NETWORK --> ZONES
I disabled/removed all security services from the LAN and WAN zones while on my call with Gideon.
2. SECURITY SERVICES --> SUMMARY
At 6pm EDT this evening we will change security services
setting to Performance Optimized.
3. REBOOT
At 6pm EDT this evening we will reboot this firewall to confirm the changes above are applied correctly.
Why?
In the past, the most recent one was I believe Argus Community, I have seen customer firewalls with these security settings enabled cause call quality issues intermittently, with seemingly random frequency. Sonicwall's own documentation suggests that disabling these services on a firewall that is not licensed for them should have no effect - however, I have seen the live examples of this being an issue in the field. We're going to turn all of this stuff off and see what they think about call quality during the day Friday.
**'''Stage2 Standards'''
For Sonicwall:
*Enable Consistent NAT (found under VoIP settings)
*Disable SIP Transformations (found under VoIP settings)
*Disable H.323 Transformations (found under VoIP settings)
*Enable Stealth Mode (found under Firewall Settings Advanced)
*Enable Randomize IP ID (found under Firewall Settings Advanced)
*Enable Conflict Detection within DHCP (found under DHCP)
*Enable DHCP Server Persistence (found under DHCP)
*The Sonicwall should have Enhanced OS
*Disable content filtering
*We prefer that the Sonicwall handles DHCP for the new phones
*DNS: primary should be 65.91.52.25, secondary 8.8.8.8, tertiary 8.8.4.4 - At least ONE of these should be handed out via DHCP to the phones or they will have trouble registering with our network.
**Regarding the last two steps, if the firewall isn’t able to be set as the DHCP server, another server should suffice. The main thing is that it sends out Stage 2's DNS for the phones to register properly. Our DNS can handle external lookups as well as any other and are built to handle all of the SRV lookups that are needed with SIP & RTP communications of the phones.
*Additional Info:
*Allow communication with our Network Block 65.91.52.0/255.255.255.0
216.143.61.192/255.255.255.224
*Open:
*Port 5060 (TCP) for SIP
*Ports 16384 -32767 (UDP) for RTP / signaling
*Phones need to connect via HTTPS to:
*xs1.stage2.net to pull down configuration data
[[Category:Audio Issues]][[Category:Troubleshooting]]