At a couple of client sites I am changing router/firewalls and when using the new firewalls I have problems with trunk registration and media. The SIP trunk provider uses the PBX public IP for authentication.
At one site, the old router/FW is a Cisco RV016 and the configuration consists of the following:
- A one-to-one NAT using the designated public IP and the PBX’s internal IP
- The access rules are allow ANY to/from the SIP provider’s 2 IPs
- Deny other traffic to the PBX’s IP
This has worked fine.
The new router/FW is a SonicWall; its config is similar:
- A NAT rule ties the PBX to the designated public IP with original/original
- The Access rule allows ANY to/from the SIP trunk provider
This results in no media. Calls can be placed but there is no audio.
If I open up 10000-65535 from ANY source I get media.
My two questions are: This seems vulnerable; is this the proper firewall ruleset? And, why did the RV016 work with presumably more restriction?
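
A diagnostic for the no-media symptom described above, added here as an example and not part of the original post: it parses the SDP body of a captured SIP message and lists the RTP endpoints whose address falls outside the allow-listed provider IPs. The sample SDP, the addresses (documentation ranges) and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample: SDP body of a 200 OK as a trunk provider might send it.
# All addresses are documentation-range placeholders, not real provider IPs.
SAMPLE_SDP = """v=0
o=- 3890 3890 IN IP4 198.51.100.10
s=call
c=IN IP4 203.0.113.77
t=0 0
m=audio 18764 RTP/AVP 0 8 101
"""

# Hypothetical allow-list: the two signaling IPs permitted by the access rule.
ALLOWED_SIGNALING = ["198.51.100.10", "198.51.100.11"]


def media_endpoints(sdp):
    """Return [(ip, port, media_type)] for every m= line in an SDP body."""
    session_ip, current, out = None, None, []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("c="):
            parts = line[2:].split()  # <nettype> <addrtype> <address>
            if len(parts) != 3:
                continue
            addr = parts[2].split("/")[0]  # drop any /ttl suffix
            if current is None:
                session_ip = addr  # session-level default
            else:
                current[0] = addr  # media-level override
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            current = [session_ip, int(port.split("/")[0]), media]
            out.append(current)
    return [tuple(e) for e in out]


def uncovered_media(sdp, allowed):
    """Media endpoints (port != 0) whose IP is outside the allowed set."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed]
    missing = []
    for ip, port, media in media_endpoints(sdp):
        try:
            inside = any(ipaddress.ip_address(ip) in n for n in nets)
        except (ValueError, TypeError):  # FQDN or missing c= line
            inside = False
        if port and not inside:  # port 0 means the stream is disabled
            missing.append((ip, port, media))
    return missing
```

A non-empty result from `uncovered_media` means the RTP source is not one of the addresses the access rule permits, so the rule can be extended to those specific addresses rather than to ANY source.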