Can anyone share any real experience with the sonicwall NSA 2400? We are considering this and TZ 205’s for our remote sites. I see some google results about the NSA not playing well with SIP… Any experience? Recommends yes/no?
I have several sites that use various flavors of Sonicwall TZxxx. No matter what router/firewall brand and model you select always disable the SIP ALG.
the key is the UDP timer - remember to set it high enough (i am assuming you are using sip trunks via the internet). otherwise, like most firewalls you need to have both nat rules as well as the firewall acl’s set for the ports you are using.
I have had nothing but issues with the Sonicwall. Not just on VoIP, in general. The interface is marginal and it suffers from feature bloat.
Read some of the posts in forums on general sonicall issues.
I would take a good hard look at Juniper SSG series.
FWIW from me, I would never touch sonicwalls with a barge-pole again, been there done that , they suck as a competent firewall , and so does their customer support.
IpCop firewall
If you happen to be considering an alternative, I suggest IpCop might be worth a try.
I’ve been happy with IpCop for over 10 years.
Its an excellent firewall/router, and it plays nicely with FreePBX.
[size=10]Stay free, stay open source[/size]
skyking - i very much so appreciate your support and contributions to the form here. I value your opinion greatly.
Do you think the SSG140 at our main office and the SSG5’s at the remote offices are a good choice? Is the webgui very friendly? Ease of setup and maintenance of the various VPNs and problem free issues with our PBX are most important to me.
bgroper - having tried pfsense and finding support difficult I think I can only consider fully supported solutions. Juniper and Cisco seem to be the only ones worth considering now.
If you look at my posting history over the years I was a Cisco advocate for quite awhile. The cost and Smartnet contracts on ASA’s is out of the question.
In our companies infrastructure we folklifted to Juniper 2 years ago.
Please also be aware we are talking about real Cisco, not the Small business crap.
Pulled the trigger on a SSG140 and a couple SSG5’s thanks! Hopefully these aren’t too hard to learn!
First thing when you get them out of the box, go to security/ALG and turn off SIP ALG.
The web gui is great, especially for policies and VPN gateway’s but don’t miss out on the CLI. The packet filter and flow debug is very powerful. Turn off telnbet, enable SSH on the interface and in management (change the port to while you are there).
Make sure you are running 6.3R5 or later.
The Juniper stuff works, FreePBX fearless leader Tony Lewis is headed to Milwaukee to upgrade the NS50 for an SSG550 tonight. The FreePBX universe keeps growing.