These firewalls have a powerful Bandwidth Management (BWM) system, which customers have great success using to prevent or resolve many call quality problems.

  • BWM allows you to reserve the exact amount of bandwidth the Intermedia devices need. This feature is rare to find on small-business grade firewalls at an economical price-point.

Known Issues

  1. SIP ALG is enabled by default, but it is easy to disable.
  2. The firewall intermittently interferes with phone registration, but this stops once the changes below are made.
  3. We recommend that you do not enable the IP/MAC Binding feature on the DRAYTEK. Testing has confirmed that this will lock up the device and cause it to constantly reboot.
    • This feature will not allow devices that are not getting an IP address from the DRAYTEK DHCP server to access the internet or ping the DRAYTEK.
    • It is a security feature that prevents a hacker from walking into your office, plugging their computer into the firewall or switch, and gaining access to your network.
    • When this feature is enabled, the DRAYTEK can appear as if it is locked up when it actually is not.
    • The ‘lock-up’ can occur due to one or more of the 3 situations below:
      • You are using a standalone DHCP server, such as running one on a Windows Server, instead of using the DHCP server on the DRAYTEK.
      • A computer or other device was manually configured to use a static IP address and the DRAYTEK is not aware of that static IP address assignment.
      • The MAC address of a computer or phone was incorrectly entered.

Firmware Information

  • Confirmed Stable Firmware:
    • Vigor 2920: no confirmations of firmware issues
    • Vigor 2925: no confirmations of firmware issues

Resolution

  1. Telnet to the router to disable SIP ALG using PuTTYtel
    • Log in to the router in Telnet using the admin username and password
    • Enter the following command:
      • sys sip_alg ?
        • If the router says 'current SIP ALG is disabled' you don't need to do anything.
    • If SIP ALG is enabled enter the following commands
      • sys sip_alg 0
      • sys commit
      • sys reboot
    • DNS server addresses need to be changed to a set of efficient DNS servers, like Google's DNS or another DNS, to prevent intermittent registration failures on Polycom phones.
    • SIP ALG is disabled by default, but if it was enabled, it needs to be disabled to prevent intermittent one-way audio and call and phone feature failures.
    • This router is capable of multi-WAN interfaces for load balancing. The Hosted PBX interprets load-shared packets as being out of order and has a tendency to discard out-of-order packets, which would cause severe degradation in call quality. All Voice over IP systems would see this condition as a high jitter level. This problem may lead to a constant level of call quality degradation throughout the call. It is preferable to configure load-sharing devices to establish VoIP calls through consistent routes and to avoid spreading packets from the same call over different paths.
    • There may be other issues with this router which have not been documented or tested.
  2. Log in to the router.
  3. This setup assumes the device is in its default configuration with no VLANs or multiple LAN subnets.
  4. Go to LAN > General Setup > Click OK > Select "Details Page" for LAN 1 and change the following under 'DNS Server IP Address':
    • Primary DNS: 8.8.8.8
    • Secondary DNS: 8.8.4.4
    • Click OK
  5. Go to LAN > General Setup > Click OK.
    • Enable "Force router to use 'DNS server IP address' settings specified in 'LAN1'"
  6. Telnet to the router to disable SIP ALG using PuTTYtel
    • Log in to the router in Telnet using the admin username and password
    • Enter the following command:
      • sys sip_alg ?
        • If the router says 'current SIP ALG is disabled' you don't need to do anything.
    • If SIP ALG is enabled enter the following commands
      • sys sip_alg 0
      • sys commit
      • sys reboot
    • This router is capable of bandwidth management; however, it has not been tested rigorously to ensure its efficacy. If you need assistance configuring bandwidth management on this router, contact Intermedia.
  7. Go to Object Setting > IP Object:
    • Select the Index number starting from “1” and working down thru “12”
    • Add each of the following Address Objects below:
      • Name: "CVRTP_Svr_Blk_1".
        • Address Type: “SUBNET”.
        • Network: "64.28.114.0" (for accounts created after 5/6/15 use 62.28.123.0).
        • Netmask: "255.255.255.0".
        • Click OK.
      • Name: "CVRTP_Svr_Blk_2".
        • Address Type: “SUBNET”.
        • Network: "64.28.115.0" (for accounts created after 5/6/15 use 62.28.124.0).
        • Netmask: "255.255.255.0".
        • Click OK.
      • Name: "CV_Cfg_Svr_1".
        • Address Type: "Single Address".
        • IP Address: "64.28.115.146".
        • Click OK.
      • Name: "CV_Cfg_Svr_2".
        • Address Type: "Single Address".
        • IP Address: "64.28.112.148".
        • Click OK.
      • Name: "CV_DNS-T_Svr_1"
        • Address Type: "Single Address".
        • IP Address: "64.28.112.157".
        • Click OK.
      • Name: "CV_DNS-T_Svr_2"
        • Address Type: "Single Address".
        • IP Address: "64.28.115.137".
        • Click OK.
      • Name: "CV_DNS-T_Svr_3".
        • Address Type: "Single Address".
        • IP Address: "64.28.126.9".
        • Click OK.
      • Name: "CV_SVDNS_Svr".
        • Address Type: “Single Address”.
        • IP Address: "64.28.126.29".
        • Click OK.
      • Name: "CV_PTS_Svr".
        • Address Type: "Single Address".
        • IP Address: "64.28.115.150".
        • Click OK.
      • Name: "CV_Png_Tst_Svr".
        • Address Type: "Single Address".
        • IP Address: "64.28.122.100".
        • Click OK.
      • Name: "CV_VoIP_TestSvr".
        • Address Type: "Single Address".
        • IP Address: "64.28.122.102".
        • Click OK.
      • Name: "CV_SIP_Reg_Svr".
        • Address Type: “Single Address”.
        • IP Address: "64.28.113.10" for accounts created before 5/6/15
        • OR "64.28.119.10" for accounts created after 5/6/15
        • Click OK.
      • Click on the Address Group tab > Add:
        • Name: "CV_Servers".
        • In the left-hand box, you have to click each of the 12 objects and add them individually.
        • Click the "->" button to move each object to the right.
        • Click OK.
  8. Go to Object Settings > Service Type Object:
    • Add each of the following Service Type Objects, selecting index numbers 1 thru 5:
      • Name: "CV_RTP_AudioRng".
        • IP Protocol: UDP.
        • Port Range: 30000 – 50000.
        • Port Range: 30000 – 50000.
        • Click OK.
      • Name: "CV_SIP_Ports_1".
        • IP Protocol: UDP.
        • Port Range: 6060 – 6061.
        • Port Range: 6060 – 6061.
        • Click OK.
      • Name: "CV_SIP_Ports_2".
        • IP Protocol: UDP.
        • Port Range: 6100 – 6899.
        • Port Range: 6100 – 6899.
        • Click OK.
      • Name: "CVVoIP_SIP_Rng".
        • IP Protocol: UDP.
        • Port Range: 5678 – 6677.
        • Port Range: 5678 – 6677.
        • Click OK.
      • Name: "CV_VoIP_RTP_Rng".
        • Protocol: UDP.
        • Port Range: 50000 – 60000.
        • Port Range: 50000 – 60000.
        • Click OK.
    • Click on the Service Type Group > Add:
      • Name: "CVoice_SrvPorts".
      • In the left-hand box, highlight the 5 Service Objects you created above.
      • Click the "->" button to move those Objects to the right.
      • Click OK.
  9. Go to Firewall > Filter Setup:
    • Click on “Call Filter”
    • Click the first index number available (the first one may be for “NetBios”; leave it as is):
      • Click check box: Check to enable the Filter Rule.
      • Name: "VoIP_Outbound".
      • From: LAN/RT/VPN -> Wan
      • To: Any
      • Source: click the “Edit” button
        • Click the drop down for IP OBJECT and select: "CV_Servers"
      • Destination IP: Any
      • Service Type: click the “Edit” button
        • Click the drop down for Service Group and select: "CVoice_SrvPorts".
      • Quality of Service: Class 1
      • Syslog: check.
      • Click Add:
    • Click on next available index number
      • Click check box: Check to enable the Filter Rule.
      • Name: "VoIP_Inbound".
      • From: Any.
      • To: Wan -> LAN/RT/VPN
      • Source IP: click the “Edit” button
      • Click the drop down for IP OBJECT and select: "CV_Servers".
      • Destination: Any.
      • Service Type: click the “Edit” button
      • Click the drop down for Service Group and select: "CVoice_SrvPorts".
      • Quality of Service: Class 1
      • Syslog: check.
      • Click Add:
    • Click on next available index number
      • Click check box: Check to enable the Filter Rule.
      • Name: "CV_Png_Tst_Svr".
      • Direction: Wan -> LAN/RT/VPN
      • Source IP: click the “Edit” button
        • Click the drop down for IP OBJECT and select: "CV_Servers".
      • Destination IP: Any.
      • Service Type: click the “Edit” button
      • Click the drop down for Service Group and select: "CVoice_SrvPorts".
      • Click Add
  10. The steps below are needed to reserve the exact amount of bandwidth the phones need to prevent call quality problems:
    • Go to Bandwidth Management > Quality of Service
    • Select the appropriate WAN port > Setup
      • Enable the QoS Control: Select “Both”
      • Enable Highest Bandwidth Priority for SIP Traffic: Uncheck.
        • Set Inbound and Outbound to the speeds retrieved from the speedtest
        • Only adjust the classes if they have low bandwidth
        • Click the check box to “Enable UDP Bandwidth Control”
      • Click OK at the bottom of the page.
        • Inbound: calculate this number: (#-of-phones * 50kbps) + (#-of-fax-adapters * 100kbps) + (50 kbps for 1 VoIP/Soak Test Tool).
          • Priority: 5.
          • Maximize Bandwidth Usage: Uncheck.
          • Maximum: calculate this number: (#-of-phones * 100kbps) + (#-of-fax-adapters * 100kbps) + (100kbps for 1 VoIP/Soak Test Tool).
        • Outbound: calculate this number: (#-of-phones * 50kbps) + (#-of-fax-adapters * 100kbps) + (50 kbps for 1 VoIP/Soak Test Tool).
          • Priority: 5.
          • Maximize Bandwidth Usage: Uncheck.
          • Maximum: calculate this number: (#-of-phones * 100kbps) + (#-of-fax-adapters * 100kbps) + (100kbps for 1 VoIP/Soak Test Tool).
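
To audit what the objects from steps 7 and 8 actually permit once they are grouped and used in the step 9 filter rules, the following added example (not Intermedia or DrayTek code) rebuilds the "CV_Servers" and "CVoice_SrvPorts" groups, merges overlapping port ranges, and classifies a flow. It uses the addresses for accounts created before 5/6/15; the function names are hypothetical and flows are passed as plain values rather than parsed from any particular syslog format.

```python
import ipaddress

# Step 7 address objects (values for accounts created before 5/6/15).
CV_SERVERS = {
    "CVRTP_Svr_Blk_1": "64.28.114.0/24",
    "CVRTP_Svr_Blk_2": "64.28.115.0/24",
    "CV_Cfg_Svr_1": "64.28.115.146/32",
    "CV_Cfg_Svr_2": "64.28.112.148/32",
    "CV_DNS-T_Svr_1": "64.28.112.157/32",
    "CV_DNS-T_Svr_2": "64.28.115.137/32",
    "CV_DNS-T_Svr_3": "64.28.126.9/32",
    "CV_SVDNS_Svr": "64.28.126.29/32",
    "CV_PTS_Svr": "64.28.115.150/32",
    "CV_Png_Tst_Svr": "64.28.122.100/32",
    "CV_VoIP_TestSvr": "64.28.122.102/32",
    "CV_SIP_Reg_Svr": "64.28.113.10/32",
}
# Step 8 service type objects (all UDP), as inclusive port ranges.
CVOICE_SRVPORTS = {
    "CV_RTP_AudioRng": (30000, 50000),
    "CV_SIP_Ports_1": (6060, 6061),
    "CV_SIP_Ports_2": (6100, 6899),
    "CVVoIP_SIP_Rng": (5678, 6677),
    "CV_VoIP_RTP_Rng": (50000, 60000),
}

def effective_port_ranges(objects=CVOICE_SRVPORTS):
    """Merge overlapping/adjacent ranges into what the group really allows."""
    merged = []
    for lo, hi in sorted(objects.values()):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [tuple(r) for r in merged]

def redundant_addresses(objects=CV_SERVERS):
    """Names of single-address objects already covered by a subnet object."""
    nets = {n: ipaddress.ip_network(c) for n, c in objects.items()}
    return sorted(n for n, net in nets.items() if net.prefixlen == 32 and
                  any(o.prefixlen < 32 and net.subnet_of(o) for o in nets.values()))

def classify(remote_ip, proto, port):
    """True if a flow matches CV_Servers and CVoice_SrvPorts (UDP only)."""
    ip = ipaddress.ip_address(remote_ip)
    in_group = any(ip in ipaddress.ip_network(c) for c in CV_SERVERS.values())
    in_ports = any(lo <= port <= hi for lo, hi in effective_port_ranges())
    return proto.upper() == "UDP" and in_group and in_ports
```

For the values on this page, the five service objects collapse to two UDP ranges, 5678–6899 and 30000–60000, and three of the single-address objects fall inside CVRTP_Svr_Blk_2.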