VoIP FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[FAQs|All Untangle FAQs]]
==How is VOIP handled?==
==How is VOIP handled?==


VOIP is automatically bypassed from scanning by default. This is because VOIP data traffic is highly latency sensitive. This behavior is controlled in [[Config]] > [[Network]] > [[Bypass Rules]]. There are pre-configured rules for VOIP (both SIP and IAX2) in the "System Bypass Rules." Manual bypass rules can be added for non-standard VOIP installations. Simply add a rule to bypass the control sessions and the data sessions will also be bypassed.
It's highly recommended to bypass all VoIP traffic which passes through your NG Firewall. More details here: [https://support.untangle.com/hc/en-us/articles/202671703-VoIP-Deployment-Models-and-Troubleshooting-Guide VoIP Deployment Models and Troubleshooting Guide]




==My VOIP doesn't work. Why?==
==My VoIP doesn't work. Why?==


Some VOIP deployments use intelligent NAT traversal techniques that conflict with the VOIP NAT-fixing done inside NAT on the Untangle Server. In this case you can uncheck 'enable SIP NAT Helper' in config->networking->advanced->General. (sometimes it requires a reboot)
Some VoIP deployments use intelligent NAT traversal techniques that conflict with the VoIP NAT-fixing done inside NAT on the NG Firewall. In this case you can uncheck 'enable SIP NAT Helper' in '''Config > Network > Advanced > Options'''.




== Does Untangle Server support Polycom video conferencing? ==
== Does NG Firewall support Polycom video conferencing? ==


This technology uses H323 protocol, and Untangle does no special handling for H323. It is recommended to bypass H323 traffic. For more information, go to [[Bypass Rules]].
This technology uses H323 protocol, and NG Firewall does no special handling for H323. It is recommended to bypass H323 traffic. For more information, go to [[Bypass Rules]].




== Can I use VoIP over VPN? ==
== Can I use VoIP over VPN? ==


Untangle does not recommend this configuration. VoIP over VPN can result in poor voice quality and dropped calls. For more information, go to [[VoIP|Using VoIP with Untangle Server]].
Arista ETM does not recommend this configuration. VoIP over VPN can result in poor voice quality and dropped calls. For more information on configuring VoIP for best performance, go to [https://support.untangle.com/hc/en-us/articles/202671703-VoIP-Deployment-Models-and-Troubleshooting-Guide VoIP Deployment Models and Troubleshooting Guide].
 
 
==Asterisk/Trixbox behind Untangle==
 
Asterisk-based telephony systems handle end-to-end SIP communication.  In this case, disabling the SIP NAT Helper as well as the SIP Bypass Rule in the Config->Networking->Advanced section is necessary.  Without these changes, outbound calls will still work, but no inbound calls will work.  Remember to set Port Forwarding for the SIP port(s) and RTP port range.  A reboot of Untangle is required after the changes, or unusual SIP information in the Asterisk Verbose Logging will occur such as "ss-noservice."  Remember that extensions inside the network need to be set with "nat = no" or the extension will not connect.
 
Most VoIP providers require Registration (a good thing).  If Untangle's Attack Blocker is installed, it will probably see the Registration attempts as an attack and block them.  Either adding an exception to the IP of the Registration site or removing the Attack Blocker rack module will solve this problem.  A nameserver lookup (on Windows: "nslookup" in the command prompt) is recommended to determine which IP is associated to the registration server.
 
This solution was tested with Trixbox Community Edition 2.8.0.4 and Untangle 64-bit version 7.3.1.

Latest revision as of 16:37, 18 January 2023

How is VOIP handled?

It's highly recommended to bypass all VoIP traffic which passes through your NG Firewall. More details here: VoIP Deployment Models and Troubleshooting Guide


My VoIP doesn't work. Why?

Some VoIP deployments use intelligent NAT traversal techniques that conflict with the VoIP NAT-fixing done inside NAT on the NG Firewall. In this case you can uncheck 'enable SIP NAT Helper' in Config > Network > Advanced > Options.


Does NG Firewall support Polycom video conferencing?

This technology uses H323 protocol, and NG Firewall does no special handling for H323. It is recommended to bypass H323 traffic. For more information, go to Bypass Rules.


Can I use VoIP over VPN?

Arista ETM does not recommend this configuration. VoIP over VPN can result in poor voice quality and dropped calls. For more information on configuring VoIP for best performance, go to VoIP Deployment Models and Troubleshooting Guide.

Retrieved from "https://wiki.edge.arista.com/index.php?title=VoIP_FAQs&oldid=28537"