Known Issues:

  1. If not properly configured, these devices will mishandle RTP traffic causing one-way audio and dead air on phone calls.
  2. Versions listed below have been shown to be susceptible to remote take over via CSRF attacks.
    1. Hardware versions A – D. If you have one of these earlier models it is recommended that you contact your ISP for the latest model.
    2. Hardware versions E – H have not been tested.
    3. Latest firmware available is 40.21.18. If your router is not on this firmware version, it is recommended that you contact your ISP or IT personnel to update this for you.
    4. Please review the following pages for additional information.
      1. Case Studies – Taking over the MI424
      2. Security Vulnerabilities in SOHO Routers
  3. NOTE: The WAN Pin Servers were updated on 1/10/2017. If you are running a VoIP Ping Test and it is not responding correctly, please ensure that your router configuration to match those of this configuration guide.


Resolution:

  1. Log into the router
  2. Advanced > Yes to the warning > ALG’s (newer versions will have it labeled ‘SIP ALG’):
    1. SIP ALG: Unchecked/disabled
    2. Click Apply.
  3. Advanced > Yes to the warning > Remote Administration:
    1. Allow Incoming WAN ICMP Echo Requests (e.g. pings and ICMP traceroute queries):
      1. Click the ‘Check’ box > then click Apply.
      2. On later versions this may not be enabled by default.
  4. Advanced > Yes to the warning > Quality of Service (QoS):
    1. QoS Input Rules:
    2. Click on the ‘edit’ option QoS Input Rules for Network (Home/Office) Rules.
      1. Click on the ‘edit’ option for the ‘Source Addresses’, select ‘User Defined’, and enter the following:
      2. Click on the ‘Add’ option to enter the following
      3. Description: VoiceAddressesIn
        1. Network Object Type: IP Subnet
          1. <Add Network Information Provided by Intermedia>
          2. For individual IP addresses, select "IP Address"
      4. Protocol, from the dropdown, select ‘User Defined’
      5. Click on the ‘Add’ option to enter the following.
      6. Service Name: VoiceServicesIn
        1. Protocol: select from the dropdown ‘UDP’.
        2. For ‘Source’ and ‘Destination’, select the option for ‘Range’.
        3. Add the following ranges:
          1. Source and Destination port ranges: <Add Network Information Provided by Intermedia>
          2. Source and Destination port ranges: <Add Network Information Provided by Intermedia>
      7. Set the Protocol and Operation priorities to: 6 (Queue 2 – High)
      8. Apply QoS on: Connection
      9. Logging: Check the box to enable ‘Lob packets matched by this rule’.
    3. Click on the ‘edit’ option QoS Output Rules for Network (Home/Office) Rules.
      1. Click on the ‘edit’ option for the ‘Destination Addresses’, select ‘User Defined’, and enter the following:
      2. Click on the ‘Add’ option to enter the following.
      3. Description: VoiceAddressesOut
        1. Network Object Type: IP Subnet
          1. <Add Network Information Provided by Intermedia>
          2. For individual IP addresses, select "IP Address"
      4. Protocol, from the dropdown, select ‘User Defined’
      5. Click on the ‘Add’ option to enter the following.
      6. Service Name: VoiceServicesOut
        1. Protocol: select from the dropdown ‘UDP’.
        2. For ‘Source’ and ‘Destination’, select the option for ‘Range’.
          1. Source and Destination port ranges: <Add Network Information Provided by Intermedia>
      7. Set the Protocol and Operation priorities to: 6 (Queue 2 – High)
      8. Apply QoS on: Connection
      9. Logging: Check the box to enable ‘Lob packets matched by this rule’.
  5. Since these devices are used in conjunction with FiOS connections, traffic shaping is not necessary. This is due to the fact that the connection is “Symmetrical” and the speeds in most U.S. markets start at 30x30. However, in the event it is determined to be necessary, the following settings can be entered by the customer or their IT staff.
    1. Advanced > Yes to the warning > QoS > Traffic Shaping.
      1. Click the ‘Add’ option.
        1. Device: Network (Home/Office)
          1. Click ‘Apply’.
        2. Use this speed test link to take an average of three speed tests.
          1. Broadband Tester
        3. Using the averages derived from the speed test on the previous step, set the Tx (upload) and Rx (download) according the following usage notations for the VoIP devices connected.
          1. Maximum: calculate this number: (#-of-phones * 100kbps) + (#-of-fax-adapters * 100kbps) + (50 kbps for 1 VoIP/Soak Test Tool).
  6. For the last step, we need to change the LAN side DNS servers.
    1. My Network > Network Connections
      1. Click on ‘Network (Home/Office).
      2. Click on ‘Settings’.
      3. DNS Server, enter the following
        1. Primary DNS Server: 8.8.8.8
        2. Secondary DNS Server: 8.8.4.4
      4. Click Apply.
        1. This will bring you back to the previous ‘Network (Home/Office) Properties page.
      5. Click Apply
      6. This completes the configuration.

Additional Resources:

  1. Recommended Switches.
  2. Recommended LAN Configurations.
  3. Network Ports and Protocols for HPBX phones.