Sonicwall NSA240 / TZ210 Configuration Guide (Firmware: SonicOS Enhanced o & up)

Similar documents
Sonicwall NSA220 / TZ215 / TZ300,400,500 Configuration Guide (Firmware: SonicOS Enhanced o & up)

Recommended QoS Configuration Settings for. Dell SonicWALL SOHO Router

Time Sensitive Information!

System Installation Guide. Version 2.2

SonicWALL / Toshiba General Installation Guide

Abstract. Avaya Solution & Interoperability Test Lab

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

Recommended Network Configurations

Abstract. Avaya Solution and Interoperability Test Lab

CHAPTER 7 ADVANCED ADMINISTRATION PC

Quality of Service Setup Guide (NB14 Series)

The Administration Tab - Diagnostics

2Wire IG 2700 ADSL Router. RJ45 connecting cable

Wireless-G Router User s Guide

LKR Port Broadband Router. User's Manual. Revision C

AT&T SD-WAN Network Based service quick start guide

Configuring Access Rules

MAC Address Filtering Setup (3G18Wn)

DSL/CABLE ROUTER with PRINT SERVER

Multi-Homing Broadband Router. User Manual

DC-228. ADSL2+ Modem/Router. User Manual. -Annex A- Version: 1.0

F.A.Q for TW100-S4W1CA

Broadband Router. User s Manual

VG422R. User s Manual. Rev , 5

Arion Router and Firewall User s Manual. Rev 1.0 Mar 2004

Barracuda Link Balancer

Recommended QoS Configuration Settings for. AdTran NetVanta 3448 Router

DVG-2001S VoIP Terminal Adapter

RX3041. User's Manual

CTX 1000 VoIP Accelerator User Guide

Recommended QoS Configuration Settings for TP-LINK Archer C3200 Wireless Router

LevelOne FBR-1405TX. User s Manual. 1-PORT BROADBAND ROUTER W/4 LAN Port

Broadband Router DC-202. User's Guide

On the left hand side of the screen, click on Setup Wizard and go through the Wizard.

Technical Support Information

Network Configuration Guide

Abstract. Avaya Solution & Interoperability Test Lab

IP806GA/GB Wireless ADSL Router

UIP1869V User Interface Guide

Port Forwarding Setup (NB7)

SonicOS Release Notes

Port Forwarding Setup (RTA1025W)

Section 3 - Configuration. Enable Auto Channel Scan:

Yealink VCS Network Deployment Solution

Configuring Firewall Access Rules

Technical Support Information

D-Link DVG-1402S. Manual. 2Voice + 4SW VoIP Router. Version B.1. Building Networks for People

Yealink VCS Network Deployment Solution

TZ 170 Quick Start Guide

Setup Guide v Saxony Road, Suite 212 Encinitas, CA Phone & Fax: (800)

Broadband Router DC 202

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

4-Port Cable/DSL Router DX-E401. Product Name [French] Product Name [Spanish] USER GUIDE GUIDE DE L UTILISATEUR GUÍA DEL USUARIO

SonicOS Release Notes

Viewing Network Status, page 116. Configuring IPv4 or IPv6 Routing, page 116. Configuring the WAN, page 122. Configuring a VLAN, page 137

Contents. 2 NB750 Load Balancing Router User Guide YML817 Rev1

Networking Fundamentals. An Introduction to Networks. tel: +44 (0) fax: +44 (0) web:

Introduction... 3 Features... 3 Minimum Requirements... 3 Package Content... 3 Get to know the Broadband Router... 4 Back Panel... 4 Front Panel...

Peplink Balance Multi-WAN Routers

Express EtherNetwork TM DI-604

LevelOne FBR-1405TX. User s Manual. 1 PORT BROADBAND ROUTER W/4 LAN Port. Version: 1.0

300M Wireless-N Broadband Router User Manual

Yamaha Router Configuration Training ~ Web GUI ~

User Guide TL-R470T+/TL-R480T REV9.0.2

Virtual Communications Express VCE over LTE User Guide

Conceptronic C100BRS4H Quick Installation Guide. Congratulations on the purchase of your Conceptronic 4-ports Broadband Router.

Introduction... 3 Features... 3 Minimum Requirements... 3 Package Content... 3 Get to know the Broadband Router... 4 Back Panel... 4 Front Panel...

Table of Contents. CRA-200 Analog Telephone Adapter 2 x Ethernet Port + 2 x VoIP Line. Quick Installation Guide. CRA-200 Quick Installation Guide

AirLive RS Security Bandwidth Management. Quick Setup Guide

AirCruiser G Wireless Router GN-BR01G

The Applications and Gaming Tab - Port Range Forward

Introduction... 3 Features... 3 Minimum Requirements... 3 Package Content... 3 Get to know the Broadband Router... 4 Back Panel... 4 Front Panel...

Introduction... 3 Features... 3 Minimum Requirements... 3 Package Content... 3 Note... 3 Get to know the Broadband Router... 4 Back Panel...

DSL-G624T. Wireless ADSL Router. If any of the above items is missing, please contact your reseller. This product can be set up using any

Broadband Router User s Manual. Broadband Router User s Manual

Broadband Setup Netcomm NB14

Application Notes for the Packeteer PacketShaper with Avaya Communication Manager - Issue 1.0

Technical Support Information

4-Port Broadband user manual Model

Contents. Cable/DSL Firewall Router

Platform Compatibility... 1 Enhancements... 2 Known Issues... 3 Upgrading SonicOS Enhanced Image Procedures... 3 Related Technical Documentation...

Phone Adapter with Router

LevelOne Broadband Routers

SonicOS Enhanced Release Notes

Connecting the DI-804V Broadband Router to your network

Configuring Interfaces

Chapter 4 Advanced Settings and Features

6. 3. Media Sharing Access the USB disk. 5. Click OK. Tips:

D-Link DI-704UP. Express EtherNetwork TM Broadband Router with USB Print Server. Manual. Building Networks for People

April AT&T Collaborate SM. Customer Configuration Guide

MikroWall Hotspot Router and Firewall System

EdgeConnect for Amazon Web Services (AWS)

SoLink-Lite IP-PBX. Administrator Guide. (Version 1.0)

TopGlobal MB8000 VPN Solution

Introduction... 3 Package Contents... 4 VPN100 LEDs... 5 Connecting your VPN Installing USB drivers... 7

Manual Overview. This manual contains the following sections:

Gigaset Router / en / A31008-E105-B / cover_front_router.fm / s Be inspired

Yealink VCS Network Deployment Solution

Deployment Guide: Routing Mode with No DMZ

GUIDELINES FOR VOIP NETWORK PREREQUISITES

Transcription:

Sonicwall Configuration Guide v1.0 Sonicwall NSA240 / TZ210 Configuration Guide (Firmware: SonicOS Enhanced 5.8.1.1-35o & up) 169 Saxony Road, Suite 212 Encinitas, CA 92024 Phone & Fax: (800) 477-1477 1

Introduction Thank you for choosing FreedomIQ by FreedomVoice for your industry-leading cloud based phone system. We are glad to have you on board as part of our team and this document should help answer most questions you may have on setting up the Sonicwall router to best optimize voice quality with FreedomIQ. There are multiple sections in this document from Internet access and various basic settings to the QoS configuration monitoring. This guide will walk you through the following configurations: 1. Change the default password 2. Configuration of the Public Interface (Internet access) 3. Enable Remote Access 4. Set Measured WAN Speed 5. Configure Basic QoS 6. Configure Advanced QoS 7. Enable Netflow Monitoring Sonicwall NSA240/TZ210 Product Information: Sonicwall NSA240 The Sonicwall NSA240 series is a Fixed-port Access Router that is ideal for medium to large business Internet access and/or IP Telephony using broadband access such as DSL, cable or T1 Ethernet handoff. The NSA240 includes six 10/100 ports and three 10/100/1000 ports, a built-in firewall for network security, QoS & BWM to prioritize delay sensitive traffic like VoIP, and a host of other features such as DHCP, Network Address Translation (NAT), and IPSec VPN. Features: Fixed-port Access Router for broadband access such as DSL, cable or T1 Ethernet handoff Six 10/100 ports and three 10/100/1000 ports High performance dual-core processor Powerful threat management firewall Quality of Service (QoS) & bandwidth management (BWM) for delay-sensitive traffic like Voice over IP (VoIP) IPSec & SSL VPN 600 Mbps Stateful Throughput Product Information: Sonicwall TZ210 The Sonicwall TZ210 series is a Fixed-port Access Router that is ideal for small to medium sized business Internet access and/or IP Telephony broadband access. The TZ210 includes one ADSL WAN port, integrated four port switch, built in firewall, QoS, DHCP, NAT, and an IPSec VPN. Features: Fixed-port Access Router for broadband access such as DSL, cable or T1 Ethernet handoff Five 10/100 ports and Two 10/100/1000 ports Powerful threat management firewall Quality of Service (QoS) & bandwidth management (BWM) for delay-sensitive traffic like Voice over IP (VoIP) IPSec VPN 200 Mbps Stateful Throughput 2

Change Default Username/Password It is important that you change the default username and password to something secure. This new login information ensures that no one within the LAN can make unauthorized changes, but can also be used as the default remote login information for remote access to the router in the event changes need to be made remotely by a dealer or a FreedomIQ representative. Default login information: Gateway: 192.168.168.168 Username: admin Password: password Follow these steps to update the admin login information: 1. From the System section in the left column, select Administration. 2. Find the section labeled Administrator Name & Password. 3. Enter the original or old password. Enter the new password twice. 4. Click the Accept button toward the bottom of the page. - Changing username/password is now complete. Set Up Internet Access Follow these steps closely to set up the Sonicwall NSA240/TZ210 via the built in GUI. Your ISP should have provided you with general instructions related to your internet connection. If you are unsure what these settings are, contact your ISP with regard to the settings you will need for your router. In most cases your service provider will either have you to set your router to DHCP mode or they will provide you with IP address, Gateway, Subnet and DNS server settings. You will need this information to continue the set up. Follow these steps to configure internet access: 1. From the Network section in the left column, select Interfaces. 2. Under Interface Settings find the Zone column labeled WAN and click on the pencil icon under the Configure column. 3. Make sure the Zone: drop down says WAN. 4. Your ISP will have given you instructions to choose either DHCP or Static for an IP address type within your router. Choose this from the IP Assignment: drop down. 5. Enter your IP Address, Subnet Mask, Default Gateway, DNS Server 1 and DNS Server 2 information. 6. Click the OK button at the bottom of the window. 7. Click the Accept button at the top of the page. See screenshots below 3

Configuration Screen 1 of 2 Configuration Screen 2 of 2 - Internet configuration is now complete. 4

Enable Remote Access The Sonicwall NSA240/TZ210 allows you to configure remote access to the GUI or command line interface. Follow these steps to configure remote access: 1. From the Network section in the left column, select Interfaces. 2. Under Interface Settings find the Zone column labeled WAN and click on the pencil icon under the Configure column. 3. Make sure the Zone: drop down says WAN. 4. In the Management section check the boxes appropriate to the type of remote access you want to allow (HTTP or HTTPS is most common). 5. Click the OK button at the bottom of the window. 6. Click the Accept button at the top of the page. - Remote access is now complete. Set the measured WAN speed The Sonicwall NSA240/TZ210 works best when you specify the amount of internet bandwidth that is allocated to you from your ISP. This step is always important but it is absolutely critical to proper QoS functionality. Don t always take your ISP s word for the up and down speeds, the values entered here should be an average of three speed tests. A recommended place to run these tests is at www.speedtest.net. Follow these steps to set the WAN bandwidth: 1. From the Network section in the left column, select Interfaces. 2. Under Interface Settings find the Zone column labeled WAN and click on the pencil icon under the Configure column. 3. Make sure the Zone: drop down says WAN. 4. Click on the Advanced tab. 5. Check the box Enable flow reporting. 6. Under the heading Bandwidth Management, check Enable Egress Bandwidth Management. 7. In the field Available Interface Egress Bandwidth (Kbps): enter your measured internet speed. If you have a single T-1 this might be 1500.00. If you have a cable modem that measures 10Mbps down, you would enter 10000.00. 8. Under the heading Bandwidth Management, check Enable Ingress Bandwidth Mangement. 9. In the field Available Interface Ingress Bandwidth (Kbps): enter your measured internet speed. If you have a single T-1 this might be 1500.00. If you have a cable modem that measures 2Mbps up, you would enter 2000.00. 10. Click the OK button at the bottom of the window. - WAN speed setup is now complete. 5

Configure basic QoS (Quality of Service) The Sonicwall NSA240/TZ210 comes preconfigured for basic QoS (UDP packet priority & bandwidth management) when ordered directly from FreedomVoice. You may need to modify the bandwidth allocations depending on the bandwidth available to the customer in each direction. Also, depending on the type of traffic on the network, you may want to modify the QoS so it is based on a specific VLAN or specific device(s) instead of giving priority to all UDP traffic. We cover these alternate QoS configurations under Advanced QoS later on in this document. Configure basic QoS within the GUI, Step 1: Select a type of Bandwidth Management Start by setting BWM to WAN: 1. Login to the Sonicwall router GUI (default is 192.168.168.168). 2. Click on the Firewall Settings section in the left column, select BWM. 3. Next to Bandwidth Management Type: make sure WAN is selected. 4. Next to 0 Realtime check the Enable box. 5. Next to 2 High uncheck the Enable box. 6. Next to 4 Medium set Guaranteed to 0 %. 7. Next to 6 Low set Guaranteed to 0 %. 8. Click the Accept button. Configure basic QoS within the GUI, Step 2: Create Service Objects Now, create a UDP 5060 signal service object: 9. Login to the Sonicwall router GUI (default is 192.168.168.168). 10. Click on the Firewall section in the left column, select Service Objects. 11. Under Services click Add. 12. Enter a descriptive name such as SignalUDP. 13. Select the protocol UDP. 14. Enter the port range of 5060 5060. 15. Click Add. Next, create a TCP 5061 signal service object: 1. Click on the Firewall section in the left column, select Service Objects. 2. Under Services click Add. 3. Enter a descriptive name such as SignalTCP. 4. Select the protocol TCP. 5. Enter the port range of 5061 5061. 6. Click Add. Next, create a UDP audio service object: 1. Click on the Firewall section in the left column, select Service Objects. 2. Under Services click Add. 3. Enter a descriptive name such as AudioUDP. 4. Select the protocol UDP. 5. Enter the port range of 6000 55000. 6. Click Add. Next, create a group that contains all three service objects: 1. Click on the Firewall section in the left column, select Service Objects. 2. Under Service Groups click Add Group. 3. Enter a descriptive name such as FreedomIQ. 4. Find the three service objects you created earlier. 6

5. Highlight each of them and click the arrow to add them to the group. 6. Click OK. Configure basic QoS within the GUI, Step 3: Apply Service Objects to the firewall Lastly, create a new firewall rule: 1. Click on the Firewall section in the left hand column, select Access Rules. 2. Under Access Rules (ALL>ALL) click Add. 3. Next to From Zone: select LAN. 4. Next to To Zone: select WAN. 5. Next to Service: select the group ( FreedomIQ ) that was set up in the last step. 6. Next to Source: select Any. 7. Next to Destination: select Any. 8. Check Enable flow reporting. 9. Check Enable packet monitor. 10. Click on the Ethernet BWM tab. For the next steps you ll need to determine how much bandwidth you want to guarantee for this particular service group (the phones). This can be done by percentage of total bandwidth or by a set Kbps (Kilobits Per Second). When using the G.711 codec, each phone needs 88Kbps in both directions (Outbound, Inbound) to properly function. Many administrators like to allocate 90-100Kbps per phone to keep a slight cushion of bandwidth. Example: 1.44Mbps T-1 with 4 phones (using 90Kbps per phone) would require either 25% of available bandwidth or 360Kbps. 11. Check Enable Outbound Bandwidth Management. 12. In the field Guaranteed Bandwidth: enter your number and select the proper corresponding allocation type (% or Kbps). 13. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 14. Check Enable Inbound Bandwidth Management. 15. In the field Guaranteed Bandwidth: enter the same number and corresponding allocation type (% or Kbps) you choose in the above (Outbound) section. 16. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 17. Make sure the Bandwidth Priority: drop down is set to 0 Realtime for both Outbound and Inbound. 18. Check Enable Tracking Bandwidth Usage. 19. Click Add. - Basic QoS is now complete. 7

Configure Advanced QoS (Prioritize by Network, IP or Device) The Sonicwall NSA240/TZ210 comes preconfigured for basic QoS (UDP packet priority & bandwidth management) when ordered directly from FreedomVoice. If your network is running applications that run over UDP such as torrents, gaming or video conferencing, you shouldn t use generic UDP prioritization. In these cases prioritizing an entire Subnet, MAC addresses, or statically assigned IP addresses will be best practice. We only need to create one rule for QoS by network, IP or MAC since we re going to be prioritizing ALL traffic from those addresses rather than specific types of traffic. This is safe as long as the addresses are only those of phones and no other types of devices. Configure Advanced QoS within the GUI, Step 1: Select a type of Bandwidth Management Start by setting BWM to WAN: 1. Login to the Sonicwall router GUI (default is 192.168.168.168). 2. Click on the Firewall Settings section in the left column, select BWM. 3. Next to Bandwidth Management Type: make sure WAN is selected. 4. Next to 0 Realtime check the Enable box. 5. Next to 2 High uncheck the Enable box. 6. Next to 4 Medium set Guaranteed to 0 %. 7. Next to 6 Low set Guaranteed to 0 %. 8. Click the Accept button. Configure Advanced QoS within the GUI, Step 2: Create an Address Object Now, create an address object for the network, IP s or devices you wish to give priority. 1. Login to the Sonicwall router GUI (default is 192.168.168.168). 2. Click on the Firewall section in the left column, select Address Objects. 3. Under Address Objects click Add. 4. Enter a descriptive name such as Phone Network or Ext 800 depending on the type of address you re choosing. 5. Zone Assignment: should be Range (LAN IP s), Network (Voice Subnet), or MAC (a specific phone). 6. Enter the applicable information (IP range, Network or MAC) into the next field. 7. Click Add. NOTE: If you chose type MAC you ll need to repeat this process for each phone. Once all phones have been added to the Address Objects section, you ll want to go to Address Groups and create a single group for all of the MAC entries. Configure Advanced QoS within the GUI, Step 3: Apply Address Objects to the firewall Lastly, create a new firewall rule: 1. Click on the Firewall section in the left hand column, select Access Rules. 2. Under Access Rules (ALL>ALL) click Add. 3. Next to From Zone: select LAN. 4. Next to To Zone: select WAN. 5. Next to Service: select the address object (or address group) that was set up in the last step. 6. Next to Source: select Any. 7. Next to Destination: select Any. 8. Check Enable flow reporting. 9. Check Enable packet monitor. 10. Click on the Ethernet BWM tab. Continue on next page 8

For the next steps you ll need to determine how much bandwidth you want to guarantee for this particular service group (the phones). This can be done by percentage of total bandwidth or by a set Kbps (Kilobits Per Second). When using the G.711 codec, each phone needs 88Kbps in both directions (Outbound, Inbound) to properly function. Many administrators like to allocate 90-100Kbps per phone to keep a slight cushion of bandwidth. Example: 1.44Mbps T-1 with 4 phones (using 90Kbps per phone) would require either 25% of available bandwidth or 360Kbps. 11. Check Enable Outbound Bandwidth Management. 12. In the field Guaranteed Bandwidth: enter your number and select the proper corresponding allocation type (% or Kbps). 13. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 14. Check Enable Inbound Bandwidth Management. 15. In the field Guaranteed Bandwidth: enter the same number and corresponding allocation type (% or Kbps) you choose in the above (Outbound) section. 16. In the field Maximum Bandwidth: enter 100 and select % from the drop down. 17. Make sure the Bandwidth Priority: drop down is set to 0 Realtime for both Outbound and Inbound. 18. Check Enable Tracking Bandwidth Usage. 19. Click Add. - Advanced QoS is now complete. Configure Sonicwall to export Netflow data The Sonicwall TZ210/NSA240 comes with the ability to export valuable data to an external program that provides technical visuals on a variety of network specs. At FreedomVoice we use software called Netflow Analyzer. This allows us to see devices within the remote network that may be contributing to call quality issues by flooding the router or available bandwidth with heavy usage. Netflow setup 1. Click on the Network section in the left hand column, select Interfaces. 2. Under the Configure column, click the pencil icon for the WAN interface. 3. Under the General tab in the Management field, check the Ping & SNMP boxes. 4. Click on the Advanced tab. Make sure Enable flow reporting is checked. 5. At the bottom of the page click OK. 6. On the Interfaces page click Accept. Continue on next page 9

Netflow continued 7. Click on the Log section in the left hand column, select Flow Reporting. 8. Check the box Report to EXTERNAL flow collector. 9. In External collector s IP address enter 69.43.168.87. 10. Under External collector s UDP port number enter 3000. 11. Every other setting on this page should be left at the default. 12. At the top of the page click Accept. Netflow continued 13. Click on System in the left hand column and select Administration. 14. Scroll down to Advanced Management and check Enable SNMP. 15. Next to the SNMP checkbox, click the Configure button. 16. In the Get Community Name: field type ops$3cur3!. 17. At the bottom of the page click OK. 18. Scroll to the top of the page and click Accept. 19. Click on System in the left hand column and select Restart. 20. Click on the Restart button. 10

- Netflow setup is now complete. 11

Technical Support Technical support for FreedomIQ is available from 3:00 AM PST to 6:00 PM PST, Monday through Friday, Saturday from 6:30am PST to 3:30pm PST and can be reached either by phone or by email. Emergency support is available 24/7. Phone: 888-955-3520 ext. 2 Use this number to reach a trained FreedomIQ technical support representative during normal support hours. If calling outside of normal hours, you will be provided the option to either leave a voicemail message or connect to the emergency support service (see below). Numerous documents and support materials are available through the FreedomIQ Weblink. Please log into Weblink and select the support tab and review the documentation that is available online there. Support Email: iqsupport@freedomvoice.com Emails are automatically forwarded to our ticketing system. An auto-reply will be sent within a few minutes indicating the case number generated. Emails are generally returned within two hours during normal support hours, but may take longer depending on the current volume of tickets received. All emails should, however, be returned same day. For an issue that requires a faster turn-around time, please use the phone numbers listed above. 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback