Last Updated on 2015-08-08.
Scenario
Using an Asterisk based VoIP system, external calls via SIP which go through a Dell Sonicwall (e.g. tz 200) cause problems. E.g. you call out any number, the call is answered, but you don’t hear anything for the first 10-15 seconds.
Narrow down the issue
Use the included Sonicwall packet monitor (use a filter for source IP with your Asterisk server) to find out if any packets are dropped during a call. You probably find out lines like this one:
DROPPED, Drop Code: 40(Enforced firewall rule), Module Id: 25(network), (Ref.Id: _5562_uyHtJcpfngKrRmv) 0:0)
So we have to find out what causes the drop.
Reason, Solution
According to this Dell KB entry, it seems like this message is caused by Firewall or NAT rules. Make sure they are plausible.
Sonicwall takes it quite seriously to be a security appliance, so it drops packets quite often if they don’t fit to certain standards.
If you use any content filter, try to disable it temporarily and/or enter your external SIP carrier domain to the allowed domains.
If you use the Single-Sign-On feature (SSO), be careful to NOT use it for your Asterisk server IP! When Asterisk accesses the Internet, Sonicwall tries to ask it for the current username, even if you have allowed access to all outgoing ports, which usually ends up with an error. For whatever reason, Sonicwall then drops packets from this IP if it does not get a username. So please add the Asterisk IP to the SSO exclusions list.
For Asterisk servers also check VoIP -> “Enable Consistent NAT”.
Besides, many sites recommend a higher UDP timeout for Asterisk in the Firewall, like 3600 seconds. You can set the default UDP timeout higher, and/or modify the firewall rule itself (“Advanced” tab).