Known Issues

  1. If these firewalls are not configured, they intermittently interfere with phone registration, causing call and feature failures.
  2. SIP Transformations, which is the same as SIP ALG, may be enabled and will cause call failures and one-way audio problems.
  3. Security Note: We are adding rules that only allows traffic to/from your Intermedia phones and the Intermedia Voice servers. Your computers remain fully protected. The firewall rules below only apply to the Intermedia phones.

Resolution

The instructions below only apply to Old SonicWalls with the Green/Blue/Gray Interface, which is also known as SonicOS Standard.

Depending on the make/model of your SonicWall and the firmware version, the instructions may vary slightly.  The models that typically have this old interface include the following:

  • TZ100 series, TZ150 series, TZ170 series, TZ170 SP series, TZ180 series, TZ190 series, TZ200 series, TZ210 series
  • NSA 240,  2400MX, 3500, 4500, 5000, E-Class E7500, E-Class E8510, & Legacy PRO 1260, 2040, 3060, 4060, 4100, 5060
  1. Login to the SonicWall > Go to VoIP
    • Enable consistent NAT: Uncheck
    • Enable SIP Transformations: Uncheck
    • Click Apply
  2. Go to Security Services > Content Filter
    • If you subscribed to the Content Filter feature, then scroll down to CFS Policy per IP Address Range > click Add > set the following:
    • For Hosted PBX 2.0:
      • IP Address From: 64.28.112.0
      • IP Address To: 64.28.127.255
      • CFS Policy: Default
      • Comment: To allow devices to access the Intermedia Voice WAN IP range
    • For Hosted PBX 1.0:
      • IP Address From: 206.225.167.64
      • IP Address To: 206.225.167.127
      • IP Address From: 199.193.202.64
      • IP Address To: 199.193.202.95
      • IP Address From: 206.225.166.128
      • IP Address To: 206.225.166.143
      • Comment: To allow devices to access the Intermedia Voice WAN IP range
    • Click Apply
  3. Adjust the DHCP scope:
    • Go to Network > DHCP Server
    • Where it says DHCP Server Settings, confirm that Enable DHCP Server is checked.
      • If that option isn't checked, that means you have your primary DHCP server running on a separate device, like a Windows Server.
      • You will need to create DHCP IP reservations on your separate DHCP server for each Intermedia device and not on the SonicWall.
      • The instructions will be very similar to the steps below and in step 4.
    • Scoll down to Current DHCP Leases > Make note of the range of IPs that devices currently have
      • Example: Listed IPs go from 192.168.1.2 to 192.168.1.149
    • Go to DHCP Server Lease Scopes > where it says View Style, select the All option
    • There should be at least 1 Dynamic scope listed -> go to the right and click on the Pencil/Paper icon to Edit it
    • Change the Start or End IP to narrow the DHCP scope.  This will allow you to create IP reservations outside this Dynamic scope.
      • Example:
      • Start IP: 192.168.1.2
      • End IP: 192.168.1.254
      • Listed IPs go from 192.168.1.2 to 192.168.1.149
      • In this case, you would change the End IP to 192.168.1.149 to leave 192.168.1.150 and above open for the phones.
    • Click OK when you're done adjusting the scope.
  4. Now we need to create DHCP IP reservations for each Intermedia device:
    • Only do the steps below on your SonicWall if the box 'Enable DHCP Server' was checked from step 3.
    • Under DHCP Server Lease Scopes, click Add Static and enter the settings below:
      • Enable this DHCP Scope: check this box
      • Interface: LAN
      • Entry Name: Intermedia Device <MAC address>
        • Example: Intermedia Device 0004F2AFE953
      • Static IP Address: enter the IP you want the phone to have
        • Example: for phone Extension 100, we used 192.168.1.150
      • Ethernet Address: enter in the MAC address of the 1st Intermedia device -- make sure every 2 characters are separated by colons
        • Example: 00:04:F2:AF:E9:53
      • Lease Time (minutes): 1440
      • Gateway Preferences: set this to the private IP of the SonicWall
      • Default Gateway: this should automatically be set to the private IP of the SonicWall
      • Subnet Mask: this should be set automatically as long as the private IP of the SonicWall was selected under Gateway Preferences.
      • Click on the DNS/WINS Tab:
        • Change Use SonicWall DNS Servers to Custom Servers
        • Set the Primary DNS to 8.8.8.8
        • Set the Secondary DNS to 8.8.4.4
        • Click OK
    • Repeat step 4 until all Intermedia devices are added one-by-one -- this includes each Polycom phone, Vertical phone, Fax Adapter, Wireless Transmitter's LAN+WAN MAC address, Cisco Cordless Transmitter/Base-Unit, Vertical Xcelerator Base-Unit, and RTX Cordless Transmitter.  Have each device's IP go up in sequence.
      • Example:
        Device IP Address
        Polycom 4-line Phone Extension 100 192.168.1.150
        Polycom Conference Phone Extension 101 192.168.1.151
        Vertical 2-line Phone Extension 102 192.168.1.152
        Cisco Fax Adapter 192.168.1.153
        Cisco Cordless Transmitter/Base-Unit 192.168.1.154
        Wireless Transmitter 192.168.1.155
        Vertical Xcelerator Base Unit 192.168.1.156
        RTX Cordless Transmitter 192.168.1.157
    • Click Apply at the top of the DHCP Server page to save your changes.
  5. Go to Network > Address Object - If you do not have an Address Object option, skip to step 6.  Some legacy SonicWall firmware versions don't have this feature.
    • Click Add and set the following:
      • Name: Intermedia Voice Devices
      • Zone Assignment: LAN
      • Type: Range
      • Starting IP Address: Enter the first IP address of first Intermedia Device you added in step 4.
        • Example: 192.168.1.150     (for the Polycom 4-line Phone Extension 100)
      • Ending IP Address: Enter the last IP address of last Intermedia Device you added in step 4.
        • Example: 192.168.1.157     (for the RTX Cordless Transmitter)
      • Click OK to save
    • Click Add again and set the following
    • For Hosted PBX 2.0:
      • Name: Intermedia Voice WAN IP Range
      • Zone Assignment: WAN
      • Type: Range
      • Starting IP Address: 64.28.112.0
      • Ending IP Address: 64.28.127.255
      • Click OK to save
    • For Hosted PBX 1.0:
      • Name: Intermedia Voice WAN IP Range 1
      • Zone Assignment: WAN
      • Type: Range
      • Starting IP Address: 206.225.167.64
      • Ending IP Address: 206.225.167.127
      • Click OK to save, click Add again
      • Name: Intermedia Voice WAN IP Range 2
      • Zone Assignment: WAN
      • Starting IP Address: 199.193.202.64
      • Ending IP Address: 199.193.202.95
      • Click OK to save, click Add again
      • Name: Intermedia Voice WAN IP Range 3
      • Zone Assignment: WAN
      • Type: Range
      • Starting IP Address: 206.225.166.128
      • Ending IP Address: 206.225.166.143
      • Click OK to save
  6. Go to Firewall > Access Rules > Remove any old Intermedia, AccessLine (AL), or other VoIP firewall rules before proceeding to the next step.
  7. Go to Firewall > Access Rules > click Add to create the WAN to LAN rule:
    • Action: Allow
    • From Zone: WAN
    • To Zone: LAN
    • Service: Any
    • Source -
      • If you did step 5 with the Address Objects, then select the Address Object named "Intermedia Voice WAN IP Range".
      • If you did notdo step 5 because you didn't have the Address Objects option, then set the following:
      • For Hosted PBX 2.0:
        • Ethernet: WAN
        • Address Range Begin: 64.28.112.0
        • Address Range End: 64.28.127.255
      • For Hosted PBX 1.0, upgrade your SonicWall firmware and return to Step 5.
    • Destination -
      • If you did step 5 with the Address Objects, then select the Address Object named "Intermedia Voice Devices".
        • If you did notdo step 5 because you didn't have the Address Objects option, then set the following:
        • Ethernet: LAN
        • Address Range Begin: Enter the first IP address of first Intermedia Device you added in step 4.
          • Example: 192.168.1.150     (for the Polycom 4-line Phone Extension 100)
        • Address Range End: Enter the last IP address of last Intermedia Device you added in step 4.
          • Example: 192.168.1.157     (for the RTX Cordless Transmitter)
    • Users Allowed: All
    • Schedule: Always On
    • Comment: To allow Intermedia devices
    • Allow Fragmented Packets: Uncheck
    • Enable Logging: Check (optional but useful)
    • Allow Fragmented Packets: Uncheck
    • Click OK
  8. Click Add to create the LAN to WAN rule:
    • Action: Allow
    • From Zone: LAN
    • To Zone: WAN
    • Service: Any
    • Source -
      • If you did step 5 with the Address Objects, then select the Address Object named "Intermedia Voice Devices".
      • If you did not do step 5 because you didn't have the Address Objects option, then set the following:
        • Ethernet: LAN
        • Address Range Begin: Enter the first IP address of first Intermedia Device you added in step 4.
          • Example: 192.168.1.150     (for the Polycom 4-line Phone Extension 100)
        • Address Range End: Enter the last IP address of last Intermedia Device you added in step 4.
          • Example: 192.168.1.157     (for the RTX Cordless Transmitter)
    • Destination -
      • If you did step 5 with the Address Objects, then select the Address Object named "Intermedia Voice WAN IP Range".
      • If you did not do step 5 because you didn't have the Address Objects option, then set the following
      • For Hosted PBX 2.0:
        • Ethernet: WAN
        • Address Range Begin: 64.28.112.0
        • Address Range End: 64.28.127.255
      • For Hosted PBX 1.0, upgrade your SonicWall firmware and return to step 5.
    • Users Allowed: All
    • Schedule: Always On
    • Comment: To allow Intermedia devices
    • Enable Logging: Check (optional but useful)
    • Allow Fragmented Packets: Uncheck
    • Click OK
  9. This step is needed for call quality monitoring and troubleshooting:
    Go to Firewall → Access Rules → click Add
    • Action: Allow
    • From Zone: WAN
    • To Zone: LAN
    • Service: Ping
    • Source -
      • If you did step 5 with the Address Objects, then select the Address Object named "Intermedia Voice WAN IP Range".
      • If you did not do step 5 because you didn't have the Address Objects option, then set the following
      • For Hosted PBX 2.0:
        • Ethernet: WAN
        • Address Range Begin: 64.28.112.0
        • Address Range End: 64.28.127.255
      • For Hosted PBX 1.0, upgrade your SonicWall firmware and return to step 5.
    • Destination -
      • If you did step 5 with the Address Objects, then enter the private IP of the SonicWall.
        • If you did not do step 5 because you didn't have the Address Objects option, then set the following:
        • Ethernet: LAN
        • Address Range Begin: Enter the private IP of the SonicWall
        • Address Range End: Enter the private IP of the SonicWall
    • Users Allowed: All
    • Schedule: Always On
    • Comment: To allow Intermedia call quality monitoring and troubleshooting
    • Enable Logging: Check (optional but useful)
    • Allow Fragmented Packets: Uncheck
    • Click OK
    • Reboot the SonicWall when it's okay for the phones and computers to go offline briefly to ensure all the changes take effect.