Before doing anything take a backup of the current configuration.

Enable consistent NAT & disable security scanning on VOIP server/PBX.

Enable consistent NAT (75% improvement in audio quality):

Now to get that remaining 25%.

Then create a zone for your PBX and disable security scanning services on that device

VoIP: Poor quality or calls getting dropped | SonicWall


Then we’ll create an address object for the IP PBX.

Manage – > Objects -> address objects -> add

Select the “VOIP” zone that we just created.

This is only helpful when your phones and your data traffic are on different LANS or VLANS.

If your PBX and data devices are on the same LAN then change the zone assignment to match the zone type of the interface that the PBX is connected to (most likely LAN). Then, disable the features from each feature per the address object that was just created.

In essence, we have to exclude the IP within each security service.

First up is the Content Filter. We don’t need the content filter trying to read SIP traffic data.

Manage -> Security Services -> Content Filter -> CFS Exclusion -> Select the address object.

Next is the Gateway Anti-Virus

Manage -> Security Services -> Gateway Anti-Virus -> Configure Gateway AV Settings -> Gateway AV Exclusion List -> select address object

Next is Intrusion Prevention

Manage -> Security Services -> Intrusion Prevention -> Enable IPS exclusion list checkbox -> select address object

Next is Anti-Spyware

Manage -> Security Services -> Anti-Spyware -> Configure anti-spyware settings -> Enable exclusions -> select IP PBX address object

Next is App Control

We want to leave it on for the subnet just not for the specific device.

Manage ->Rules -> App Control -> Configure App Control Settings -> tick exclusion checkbox. Can manually select the address object or the IPS exclusion checklist.

Leave a Reply

Your email address will not be published. Required fields are marked *