Hi there, have a doozy of a question, figured I’d try! We have some remote Polycom Soundpoint 335 SIP phones configured using endpoint manager connected to a FreePBX 5.211.65 phone system via port 5080, the PBX is not behind NAT.
The phones are in another city and when they are behind our SonicWall TZ105 firewall at the remote office, the extensions randomly go unreachable for a few seconds and going right to voicemail or sometimes even the IP-PBX thinks the phone is ringing when the phone isn’t actually getting the signal to ring. The phones work perfectly when bypassing the firewall so I know it must be a NAT/Firewall issue, but I’ve tried all suggestions I could find online with this model firewall. (NAT Consistency enabled, SIP Transformations turned off, UDP Timeout increased to 120 seconds)
We use a TZ215 with polycoms (321/335) behind it and a remote (cloud) PBX.
We solved this by setting the registration timeout from 3600 on the phones to a lower value (currently 75s, and PBX min is set to 60s). I’m considering changing the ports to be unique instead of the NAT consistency method and seeing how things go for us.
Thank you so much Overkill, I’m going to try this out, hopefully they take the new settings via endpoint manager and a reset, the polycoms seem to need a dang factory reset/reformat to apply any new settings via autoprovision
Sadly this didn’t improve the issue, still no ringing on extensions for inbound calls. What about putting the phones on a VLAN and putting that VLAN in a DMZ zone on the sonicwall?
WB, I have one more for you that is probably not going to help but is worth a try anyway…try setting the timeout to be less than the min timeout of the PBX (for example, 45s phone 60s pbx).
But on a positive note update, I switched the SIP port from 5080 to 5060, and the problem “seems” to be gone for now! So apparently SonicWalls realllly don’t like when you try to use sip on a non-standard port. I’ll update this in a few days if this works out.
That’s strange. We’re using 5060 here…but at least that’s something! I’d keep one phone on 5080 to test with (preferably a dedicated test phone) and figure out why it was happening…open the firewall to allow all traffic from the PBX maybe? I don’t know…