Sonicwall

Description:

One of the ways to ensure that you have the clearest and best connection for your Sonicwall is to utilize bandwidth management (BWM). Now, this is a bit tricky as Sonicwall allocates bandwidth based on your AVAILABLE bandwidth. So, what this means is you could spend time setting up the connection, but not properly setting your total connection would cause it to fail.

This article will show you how to do the following:

Setup QOS/BWM settings on a Sonicwall device

Example:

Your connection is 30Mbps, and you set your Sonicwall to allocate 10% of this, so 27Mbps can be used for Data (3Mbps would be saved for VoIP). If your connection was actually only a 20Mbps connection, the Sonicwall would use all 20Mbps for Data, thinking more was available. This would essentially render all of the work you did useless!

**Important** - Sonicwall does NOT work the same way with QoS as you may be used to. The QoS settings on Sonicwall are essentially there to "tag" packets or allow the tags to be there, but it does NOT actually do anything to prioritize these packets without setting up the Bandwidth Management (BWM) as below.

To properly configure the Sonicwall, we will adjust settings in 3 areas after first ensuring that the firmware is up to date. (Here is a helpful video also: https://www.youtube.com/watch?v=yUbLf9qJU98)

Step By Step:

Firmware Settings

Verify and update the firmware.
- External Link - Sonicwall Firmware update guide
- Note: The TZ Series should have firmware 5.8 or greater (The device does need to be registered, but it does NOT require a paid subscription to download the firmware.)

VoIP Settings

Select VoIP from the left.
Click on Settings.
1. Ensure that Enable consistent NAT is ENABLED.
  1. (Some firmware versions will need this DISABLED, but it is best to start with Enabled and test from there.)
2. Ensure that Enable SIP Transformations is DISABLED.
3. Click Apply to save changes.

Firewall Rules & Objects

On the left, click Firewall > Access Rules > Matrix.
1. Select the LAN to LAN arrow and disable or delete any VoIP or Voice rules under Destination or Service.
2. Select the LAN to WAN arrow and disable or delete any VoIP or Voice rules under Destination or Service.
3. Select the WAN to LAN arrow and disable or delete any VoIP or Voice rules under Destination or Service.
4. Select the LAN to WAN arrow and disable or delete any VoIP or Voice rules under Destination or Service.
Next, click Network on the left, and then click Address Objects (May be Under Firewall for Certain Firmware Revisions)
Click Add and do the following.
1. Name: Audian VoIP Server 1, 2, 3, 4, 5, and so on.
  - Zone Assignment: WAN
  - Type: Host
  - Network: Every IP Below needs to be added as an address object
Please contact Audian support for a list of our IP addresses to whitelist.
Click the Address Group tab at the top
1. Click Add Group and add Audian
2. Add all of the Audian objects and then click OK.
Navigate to Firewall > Access Rules > Click Add
1. Set the Following
  - Action: Allow
  - From Zone: LAN
  - To Zone: WAN
  - Service: Any
  - Source: Any
  - Destinations: Audian
  - Allow Fragmented Packets: Checked
2. Click Advanced tab and set the following.
  - UDP Connection Inactivity Timeout (seconds): 360
Navigate to Firewall > Access Rules > Click Add
1. Set the Following
  - Action: Allow
  - From Zone: WAN
  - To Zone: LAN
  - Service: Any
  - Source: Audian
  - Destinations: Any
  - Allow Fragmented Packets: Checked
2. Click Advanced tab and set the following.
  - UDP Connection Inactivity Timeout (seconds): 360
Save all changes
- **It may take several minutes (up to 60) for the phones to properly re-register. You can reboot all phones if you would like to make this happen quicker.

Bandwidth Management Settings

On the left, navigate to Network > Interfaces.
Click the Configure button under WAN.
Select the Advanced tab, and then enable both Egress and Ingress Bandwidth Management.
Set your speed in Kbps in both of the boxes.
1. Ingress= Download Speed (this should be set to your download speed in Kbps (x Mbps * 1024)Egress = Upload Speed (this should be set to your upload speed in Kbps (x Mbps * 1024
Hit OK to save changes.
Next, navigate to the Firewall Settings Menu, and then to BWM
Ensure that Bandwidth Management Type is set to "Global"
Ensure that at a minimum one priority above Medium (the default) is selected. In this case, we have selected "High"
Set this to a guaranteed reserve of between 20-30%. (Make sure the guaranteed numbers add up to 100% as well)
1. OPTIONAL - An Audian technician can give more details on the percentage number if needed, but essentially each voice channel uses around 50Kbps, so if you expect a maximum of 5 simultaneous voice calls, you would want to "guarantee" around 50Kbps * 5 = 250Kbps of bandwidth. In our example, the maximum upload is 5,120Kbps, so we would want to set aside 250/5,120 = 6% of the available connection as guaranteed. In most cases, 10% is a good number to use. Also keep in mind that this just GUARANTEES that much connection. If no voice traffic is being used, the full connection will be used for your data and other connections.
Hit Accept to save your changes.
Navigate to Firewall, Access Rules, and then to the LAN -> WAN rule that was created to allow VoIP traffic previously (in the Sonicwall Guide).
Select the configure button
Select the "Ethernet BWM" tab
Check to enable both Inbound and Outbound Bandwidth Management
Select the Priority that you set in the previous Firewall settings (in this example, "2 High")
Select OK to save

You have now configured your sonicwall to automatically give a higher priority to any traffic that is going to the Audian servers, and to allow a percentage of your connection to be "guaranteed" for that traffic. This should eliminate any call quality issues with high usage clients.