![]() I've noticed also that on Watchguard there is a SIP ALG which is equivalent to a Cisco Fixup Protocol, but I think that just facilitates opening of ports, not prioritizing traffic. I can do that, but I'd like to investigate further before we go that route. I have a Watchguard T10 (Fireware 12.0) sitting in front of my 3CX server. Everything is set up and the firmware has been updated to the latest for this series (V11.3.8) I've followed the guide located on the 3CX FAQ and widened the RTP scope for my provider WeePee (BE). Which ALGs do you disable We are implementing our first production SRX240, and discovered that the MSRPC and DNS ALGs have already given us problems with a local domain controller (unable to dynamically register an A record, and unable to effeictively communicate back to the core domain controllers using MSRPC. Problem is that users complain of call quality issues.Īt the moment I have setup 'Traffic Management' which uses a firewall rule and allows you to allocate/dedicate bandwidth, so I've set aside 512Kbps (10 users at site, maybe 6 calls active at once top) so this should be totally overkill.Ĩx8 says that if I can't disable SPI on the firewall, then they recommend a second firewall/gateway that doesn't use SPI, and point all phones to it. Hi all, I've recently purchased an old Watchguard X550E from eBay (in mint condition). NOTE: The information provided above is from another. Or from winbox just navigate to IP>Firewall and then click on the Service Ports tab and disable it through the GUI. To disable, run this command from the terminal: /ip firewall service-port disable sip. Now you need to create 2 new firewall policies, both based on your newly created SIP packet filter. ![]() Configure it to use port 5060 UDP and then port range 6000-40000 UDP. Instead, create a new Custom Packet filter - call it SIP. We are using Virtual Office solution from 8x8 which is a hosted SIP PBX solution. Our advice is to always disable Router or Firewall ‘SIP ALG’ before you begin to open ports on your network security settings, if your Router or Firewall don’t have any disabling for SIP ALG choices we strongly advise you to contact your Router or Firewall technical support and let them do the work they are expert on this matter. Mikrotik SIP ALG is called a SIP Helper and is located under /IP>Firewall>Service ports. Do not use any SIP-ALG helper on the Watchguard. We have a site which has a 10Mb (up and down) circuit using a Watchguard x330 running 11.6.1 software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |