Interesting findings there. I have several FreePBX instances and all behind Sonicwalls.
All of mine phones are either on the LAN, or are not NAT with a site to site VPN.
We have always set up using Public Server Wizard and left those NAT rules as default, allowing ports 5060-5061, as well as the RTP ranges requested from ITSP and locking it down to only allow from their IP’s
Only recently had an instance where needed to increase UDP timeout, because calls got dropped after exactly 30 minutes.