![]() ![]() For political or process reason, we want to manage it NOT Automatically, but under our action. This option can be set to ON (wich is better as you will handle multi WAN redundancy better) but gateway timers has to be adjusted, see below. " State Killing on Gateway Failure" –> Uncked for us ! (In France links are becomming more and more lossy, and ADSL links produces natural loss on loads, making PF think the link is down.)." Load Balancing" " Allow default gateway switching" –> Checked as we use Multi Wan (2 WAN handled by the PFsense's interfaces).We strongly recommend to desactivate this option, not especially for VoIP handling. " .redirect" –> set to 0 (in some configs using Internet and MPLS links, we have routers on the same LAN net (not the gateway, juste a route to another customer's net))." NAT Reflection mode for port forwards" –> Enabled (Proxy + NAT).Plus, on small ALIX architecture, or in fail over gateway this is not recommended… unless "state killing on GW faillure" has been checked.). " Firewall Optimization Options" –> Normal (Conservative as said on many posts is not compulsory for the UDP timeout handling, the problem we experienced was not a problem of timeout, but a NAT problem.Not usefull for SIP reliability i guess but here is our conf though… " IP Do-Not-Fragment compatibility" –> checked (checked by default on every PF we manage because of presence of MACchintosh or NFS or other Linux based routers).You might not consider applying those rules. " Rules" –> We still have include a pass rule from SIP provider IPs and SIP ports used (on each xDSL interfaces, normal interface rule, not floating), but we think this is obsolete now.We are using multiWAN in fail over mode, so the only rule we changed was to add our gateway group instead of default PF routing table. " Rules" –> Not any special Rule or FLoating rule to set. #Setup sonicwall onsip registration#
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |