Académique Documents
Professionnel Documents
Culture Documents
169 Saxony Road, Suite 212 Encinitas, CA 92024 Phone & Fax: (800) 477-1477
Introduction
Thank you for choosing FreedomIQ by FreedomVoice for your industry-leading cloud based phone system. We are glad to have you on board as part of our team and this document should help answer most questions you may have on setting up the Sonicwall router to best optimize voice quality with FreedomIQ. There are multiple sections in this document from Internet access and various basic settings to the QoS configuration monitoring. This guide will walk you through the following configurations: 1. 2. 3. 4. 5. 6. 7. Change the default password Configuration of the Public Interface (Internet access) Enable Remote Access Set Measured WAN Speed Configure Basic QoS Configure Advanced QoS Enable Netflow Monitoring
Sonicwall NSA240/TZ210
Product Information: Sonicwall NSA240
The Sonicwall NSA240 series is a Fixed-port Access Router that is ideal for medium to large business Internet access and/or IP Telephony using broadband access such as DSL, cable or T1 Ethernet handoff. The NSA240 includes six 10/100 ports and three 10/100/1000 ports, a built-in firewall for network security, QoS & BWM to prioritize delay sensitive traffic like VoIP, and a host of other features such as DHCP, Network Address Translation (NAT), and IPSec VPN.
Features:
Fixed-port Access Router for broadband access such as DSL, cable or T1 Ethernet handoff Six 10/100 ports and three 10/100/1000 ports High performance dual-core processor Powerful threat management firewall Quality of Service (QoS) & bandwidth management (BWM) for delay-sensitive traffic like Voice over IP (VoIP) IPSec & SSL VPN 600 Mbps Stateful Throughput
Features:
Fixed-port Access Router for broadband access such as DSL, cable or T1 Ethernet handoff Five 10/100 ports and Two 10/100/1000 ports Powerful threat management firewall Quality of Service (QoS) & bandwidth management (BWM) for delay-sensitive traffic like Voice over IP (VoIP) IPSec VPN 200 Mbps Stateful Throughput
Configuration Screen 1 of 2
Configuration Screen 2 of 2
Follow these steps to configure remote access: 1. 2. 3. 4. 5. 6. From the Network section in the left column, select Interfaces. Under Interface Settings find the Zone column labeled WAN and click on the pencil icon under the Configure column. Make sure the Zone: drop down says WAN. In the Management section check the boxes appropriate to th e type of remote access you want to allow (HTTP or HTTPS is most common). Click the OK button at the bottom of the window. Click the Accept button at the top of the page. Remote access is now complete.
Configure basic QoS within the GUI, Step 1: Select a type of Bandwidth Management
Start by setting BWM to WAN: 1. 2. 3. 4. 5. 6. 7. 8. Login to the Sonicwall router GUI (default is 192.168.168.168). Click on the Firewall Settings section in the left column, select BWM. Next to Bandwidth Management Type: make sure WAN is selected. Next to 0 Realtime check the Enable box. Next to 2 High uncheck the Enable box. Next to 4 Medium set Guaranteed to 0 %. Next to 6 Low set Guaranteed to 0 %. Click the Accept button.
Configure basic QoS within the GUI, Step 2: Create Service Objects
Now, create a UDP 5060 signal service object: 9. 10. 11. 12. 13. 14. 15. Login to the Sonicwall router GUI (default is 192.168.168.168). Click on the Firewall section in the left column, select Service Objects. Under Services click Add. Enter a descriptive name such as SignalUDP. Select the protocol UDP. Enter the port range of 5060 5060. Click Add.
Next, create a TCP 5061 signal service object: 1. 2. 3. 4. 5. 6. Click on the Firewall section in the left column, select Service Objects. Under Services click Add. Enter a descriptive name such as SignalTCP. Select the protocol TCP. Enter the port range of 5061 5061. Click Add.
Next, create a UDP audio service object: 1. 2. 3. 4. 5. 6. Click on the Firewall section in the left column, select Service Objects. Under Services click Add. Enter a descriptive name such as AudioUDP. Select the protocol UDP. Enter the port range of 6000 55000. Click Add.
Next, create a group that contains all three service objects: 1. 2. 3. 4. Click on the Firewall section in the left column, select Service Objects. Under Service Groups click Add Group. Enter a descriptive name such as FreedomIQ. Find the three service objects you created earlier.
6
5. 6.
Highlight each of them and click the arrow to add them to the group. Click OK.
Configure basic QoS within the GUI, Step 3: Apply Service Objects to the firewall
Lastly, create a new firewall rule: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Click on the Firewall section in the left hand column, select Access Rules. Under Access Rules (ALL>ALL) click Add. Next to From Zone: select LAN. Next to To Zone: select WAN. Next to Service: select the group (FreedomIQ) that was set up in the last step. Next to Source: select Any. Next to Destination: select Any. Check Enable flow reporting. Check Enable packet monitor. Click on the Ethernet BWM tab.
For the next steps youll need to determine how much bandwidth you want to guarantee for this particular service group (the phones). This can be done by percentage of total bandwidth or by a set Kbps (Kilobits Per Second). When using the G.711 codec, each phone needs 88Kbps in both directions (Outbound, Inbound) to properly function. Many administrators like to allocate 90-100Kbps per phone to keep a slight cushion of bandwidth. Example: 1.44Mbps T-1 with 4 phones (using 90Kbps per phone) would require either 25% of available bandwidth or 360Kbps. 11. Check Enable Outbound Bandwidth Management. 12. In the field Guaranteed Bandwidth: enter your number and select the proper corresponding allocation type (% or Kbps). 13. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 14. Check Enable Inbound Bandwidth Management. 15. In the field Guaranteed Bandwidth: enter the same number and corresponding allocation type (% or Kbps) you choose in the above (Outbound) section. 16. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 17. Make sure the Bandwidth Priority: drop down is set to 0 Realtime for both Outbound and Inbound. 18. Check Enable Tracking Bandwidth Usage. 19. Click Add.
Configure Advanced QoS within the GUI, Step 1: Select a type of Bandwidth Management
Start by setting BWM to WAN: 1. 2. 3. 4. 5. 6. 7. 8. Login to the Sonicwall router GUI (default is 192.168.168.168). Click on the Firewall Settings section in the left column, select BWM. Next to Bandwidth Management Type: make sure WAN is selected. Next to 0 Realtime check the Enable box. Next to 2 High uncheck the Enable box. Next to 4 Medium set Guaranteed to 0 %. Next to 6 Low set Guaranteed to 0 %. Click the Accept button.
Configure Advanced QoS within the GUI, Step 2: Create an Address Object
Now, create an address object for the network, IPs or devices you wish to give priority. 1. 2. 3. 4. 5. 6. 7. Login to the Sonicwall router GUI (default is 192.168.168.168). Click on the Firewall section in the left column, select Address Objects. Under Address Objects click Add. Enter a descriptive name such as Phone Network or Ext 800 depending on the type of address youre choosing. Zone Assignment: should be Range (LAN IPs), Network (Voice Subnet), or MAC (a specific phone). Enter the applicable information (IP range, Network or MAC) into the next field. Click Add. NOTE: If you chose type MAC youll need to repeat this process for each phone. Once all phones have been added to the Address Objects section, youll want to go to Address Groups and create a single group for all of the MAC entries.
Configure Advanced QoS within the GUI, Step 3: Apply Address Objects to the firewall
Lastly, create a new firewall rule: 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. Click on the Firewall section in the left hand column, select Access Rules. Under Access Rules (ALL>ALL) click Add. Next to From Zone: select LAN. Next to To Zone: select WAN. Next to Service: select the address object (or address group) that was set up in the last step. Next to Source: select Any. Next to Destination: select Any. Check Enable flow reporting. Check Enable packet monitor. Click on the Ethernet BWM tab.
For the next steps youll need to determine how much bandwidth you want to guarantee for this particular service group (the phones). This can be done by percentage of total bandwidth or by a set Kbps (Kilobits Per Second). When using the G.711 codec, each phone needs 88Kbps in both directions (Outbound, Inbound) to properly function. Many administrators like to allocate 90-100Kbps per phone to keep a slight cushion of bandwidth. Example: 1.44Mbps T-1 with 4 phones (using 90Kbps per phone) would require either 25% of available bandwidth or 360Kbps. 11. Check Enable Outbound Bandwidth Management. 12. In the field Guaranteed Bandwidth: enter your number and select the proper corresponding allocation type (% or Kbps). 13. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 14. Check Enable Inbound Bandwidth Management. 15. In the field Guaranteed Bandwidth: enter the same number and corresponding allocat ion type (% or Kbps) you choose in the above (Outbound) section. 16. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 17. Make sure the Bandwidth Priority: drop down is set to 0 Realtime for both Outbound and Inbound. 18. Check Enable Tracking Bandwidth Usage. 19. Click Add. Advanced QoS is now complete.
Netflow continued 7. 8. 9. 10. 11. 12. Click on the Log section in the left hand column, select Flow Reporting. Check the box Report to EXTERNAL flow collector. In External collectors IP address enter 69.43.168.87. Under External collectors UDP port number enter 3000. Every other setting on this page should be left at the default. At the top of the page click Accept.
Netflow continued 13. 14. 15. 16. 17. 18. 19. 20. Click on System in the left hand column and select Administration. Scroll down to Advanced Management and check Enable SNMP. Next to the SNMP checkbox, click the Configure button. In the Get Community Name: field type ops$3cur3!. At the bottom of the page click OK. Scroll to the top of the page and click Accept. Click on System in the left hand column and select Restart. Click on the Restart button.
10
11
Technical Support
Technical support for FreedomIQ is available from 3:00 AM PST to 6:00 PM PST, Monday through Friday, Saturday from 6:30am PST to 3:30pm PST and can be reached either by phone or by email. Emergency support is available 24/7. Phone: 888-955-3520 ext. 2 Use this number to reach a trained FreedomIQ technical support representative during normal support hours. If calling outside of normal hours, you will be provided the option to either leave a voicemail message or connect to the emergency support service (see below). Numerous documents and support materials are available through the FreedomIQ Weblink. Please log into Weblink and select the support tab and review the documentation that is available online there. Support Email: iqsupport@freedomvoice.com Emails are automatically forwarded to our ticketing system. An auto-reply will be sent within a few minutes indicating the case number generated. Emails are generally returned within two hours during normal support hours, but may take longer depending on the current volume of tickets received. All emails should, however, be returned same day. For an issue that requires a faster turn-around time, please use the phone numbers listed above.
12