SonicWall Reflexive NAT Policies for nexMatrix SIP Trunks

Many thanks to Matt York at Wilkes Communications/Riverstreet Networks in Wilkesboro, NC for providing this great documentation!

1:1 port 5060 Source PAT (Inside Local : Inside Global 5060:5060)

This document will cover SonicOS Enhanced 6.5.x.x.  Version 5 will be slightly different.

(Note:The CLI config is basically the same I just find it easier to use the GUI when writing NAT polices than having to write down and remember the many different address objects and services you are dealing with)

1.       Create address objects that reference all SIP server hosts before you begin to configure any NAT polices. 

2.       Create a Custom Service Object specifically for SIP UDP 5060.  The default SIP service object in SonicWall is geared toward port ranges, so you will want to create a new custom object.

3.      Start building your NAT polices.  I start from the outside:inside or ingress in the X1 interface and create a reflexive policy

4.       Next, make sure your reflexive policy from the inside:outside has the proper address and service objects.

5.       Capture traffic to make sure your new NAT/PAT policies have applied.  Please note that this may take a few minutes to settle down if you have existing connections to SIP servers. 

 

• Related Articles

• nexMatrix Host Names and IP addresses

  nexMatrix SIP trunk service will connect to your IP PBX from one or more of these servers. You may need to whitelist these addresses and/or host names to allow unsolicited inbound traffic from them to your PBX on UDP port 5060 and whatever range of ...

• Local SIP port assignments for IP phones

  Perhaps the most common cause of problems with IP phones is inconsistent signalling communication between the end point (phone) and the PBX.  The symptoms of this include: The phone won't register to its extension account on the PBX. BLF buttons on ...

• How to use the nexMatrix Customer Billing Portal

  If you receive SIP trunk service or hosted PBX services from nexMatrix Telecom, your billing account is accessible through our secure online portal: https://portal.nexmatrix.net/ Your account number is your user name.  If you don't know your account ...

• Fortigate

  Fortigate firewall products have SIP session helpers that are on by default.   These need to be turned off! http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-voip-guide-52/sessionhelper-disenable.htm   Fortigate, like many firewalls, ...

• 12/16/2015 Caller ID override for 911

  note:  a complete guide to 911 programming is posted here We are pleased to announce that an additional tool has been deployed in Protel LTS that further refines the ability to route 911 calls by allowing you to override the trunk default or ...