While each router has its' own unique set of configurable settings, here are some general tips on how to configure your router to work well with CloudPBX, particularly if you are running multiple phones behind one router / public IP address.
- Disable the SPI firewall. In many cases, the SPI firewall will believe that SIP signalling or RTP is an attack.
- DISABLE any and all 'SIP ALG' features, many routers have them and in most cases they break SIP. Sometimes these are called other names - any kind of 'SIP helper' tends to be unreliable.
- Extend UDP timeout to 3600 seconds. Most routers have the UDP timeout set shorter than the SIP registration period by default, which can cause phones to become unreachable, when CloudPBX tries to ring them.
- Some routers need to have external services 'whitelisted' in order for them to access local devices. Sonicwall routers are a key example of this. Please request our network list, as CloudPBX is spread across several data centres and your phones will need to communicate with a list of IPs.
- If using a SonicWall, enable the setting called 'enable consistent NAT'
- If you are using a single uplink for both voice and data purposes, which we do not recommend, configuring QoS IS VERY IMPORTANT to ensure decent sound quality. The best way to configure QoS is to prioritize DSCP tags 24 and 46. In smaller deployments, configuring rules based on source/destination IP addresses, and local LAN MAC addresses, can work well.
- Edgerouters have a powerful and easily configurable 'Smart QoS' system, that is actually very effective.
-
Use a physically separate LAN or operate the voice network on a VLAN, so that all endpoints can be configured as DHCP clients, and can route traffic out a separate, dedicated WAN if possible.
Configuring the phones correctly is of course also key - our standard provisioning templates handle that part of course.
Some router-specific tips below:
Fortigate/Fortinet
Recommendation: Disable SIP ALG
In the CLI of the fortigate type the following:
config system settings
set sip-helper disable
set sip-nat-trace disable
Then, reboot the device.
In the CLI type the following:
Config system session-helper
show
(now look for SIP, mostly it will be "12")
delete 12
Don't use any protection profiles on the firewall of the sip rules.
Comments
0 comments
Article is closed for comments.