Enabling QoS on a SonicWall Firewall

The below example is based on an ISP bandwidth of 10 Mbps downstream / 10 Mbps upstream accounting for 10 concurrent calls. 1 G.711 codec call requires around 90 Kbps downstream / upstream. Please adjust your numbers as per your local setup.

Assessing The Firewall’s Interface

  • Enter the firewall's IP address in the address bar of your web browser.
  • Enter your firewall's username and password

VoIP Settings

  • Go to VoIP > Settings.
  • Check Enable Consistent NAT, uncheck/disable everything else.
  • Click Accept to save the settings.

Firewall Settings

  • Go to Firewall Settings > BWM.
  • Under Bandwidth Management Type, select Global.
  • Under Priority, disable EVERY category, except Medium.

Set values to:

Guaranteed: 50%

Burst: 90%

  • Enable Realtime and set values to:

Guaranteed: 50%

Burst: 100%

  • Click Accept to save the settings.

Network

  • Go to Network > Interfaces > X1 (WAN)
  • Click the Configure icon on far right.
  • Go to Advance > Link Speed, and then set to Auto Negotiate

> Bandwidth Management (at bottom)...

    • Check Enable Egress; set interface egress bandwidth to 10000.000000 (type in the upload speed in Kbps from your ISP)
    • Check Enable Ingress; set interface ingress bandwidth to 10000.000000 (type in the download speed in Kbps from your ISP).
  • Click OK to save the settings.

Firewall

  •  Go to Firewall > Service Objects > Services

NOTE: There may be a need to scroll down, as there are two categories, Service Group and Services.

  • Click Add Name: N2P_UDP_service_ports

Protocol : UDP(17)

Port Range : 1000 - 65500

Sub type : none

  • Click OK to save the settings
  • Go to Address Objects
  • Click Add: Name : N2P_SIP_network

Zone Assignment : WAN

Type : Network

Network:206.20.196.0

Netmask: 255.255.254.0

Name : N2P_RTP_network

Zone Assignment : WAN

Type : Network

Network: 66.33.176.64

Netmask: 255.255.255.192

  • Click Add to save and then click Close
  • Go to Address Groups
  • Click Add Group

Name : N2P_networks group

  • Select N2P_SIP_network and N2P_RTP_network to add address object to group.
  • Click OK to save.

Access Rules

  • Go to Firewall > Access Rules
  • Click Add to add the rule for LAN > WAN

> in the General tab

Action : Allow

Service: Create New Service Group

Name : N2P_service_ports

Add the following port range to this group:

N2P_UDP_service_ports

Source : Any

Destination : N2P_networks group

Users Allowed :

ALL Schedule : Always on

> in the QoS tab

DSCP Marking Action : Explicit

Explicit DSCP Value : 46 - Expedited Forwarding (EF)

> in the Ethernet BWM tab

Enable both Inbound and Outbound Bandwidth Management; set both to 0 Realtime

  • Click Add to save and then click on Close
  • Click Add to add rule for WAN > LAN

> in 'General' Tab

Action : Allow

Service : N2P_service_ports

Source : N2P_networks group

Destination : Any

Users Allowed : ALL

Schedule : Always on

> in 'QoS' tab

DSCP Marking Action : Explicit

Explicit DSCP Value : 46 - Expedited Forwarding (EF)

> in the Ethernet BWM tab

Enable both Inbound and Outbound Bandwidth Management; set both to 0 Realtime

  • Click Add to save and then click Close