The following Quality of Service values are used with all phones registered to the PrimeVOX infrastructure. All router models by these manufacturers are supported by our VoIP services.

SIP Signaling: 26 / AF31 / 0x68 (UDP or TCP)

RTP Audio: 46 / EF / 0xB8 (UDP Only)

SIP Ports: 8643 (UDP), 8645 (TCP), 8647 (TLS)

RTP Ports: 10,000-40,000 UDP

Cisco Meraki QoS Settings

Here are the QoS settings to use for Cisco Meraki security gateways and switches. These settings can be set in Switches -> Switch Settings. Please note, the RTP ports shown (11780-12780) are for Yealink phones. Please look at the top of this article for ports specific to your phones.

Some Meraki firmware versions may look different. Here is another screenshot for the same configuration from a newer Meraki unit. To create these rules, you must use Expressions. For port numbers, simply enter the port number or the port range, like "4242" or "5060-5062"

MikroTik QoS Settings

Under construction.

Sonicwall QoS Settings

0. Before anything, go to the VoIP tab and enable Consistent NAT and disable SIP Translations/Transformations.

1. Go to Firewall Settings -> BWM.

2. Enable Realtime and Medium. Disable everything else.

3. Set Realtime "Guaranteed" to 50%.

4. Set Medium "Guaranteed" to 50%.

5. Set Realtime "Maximum/Burst" to 100%.

6. Set Medium "Maximum/Burst" to the following:

 - For 10 or less phones, 95%.

 - For 11-25 phones, 90%.

 - For 26+ phones, 85%.

7. Save this screen.

8. Go to Firewall -> Address Objects.

9. Click 'Add' to add an Address Object.

 - Name it 'IP Phone X', increasing X since these must have unique names.

 - Assign it to zone LAN

 - Set Type to MAC Address

 - Populate the MAC Address field with a phone's mac

--- REPEAT This for every IP Phone on your network, and each phone's MAC.

10. Under "Address Groups", click 'Add Group...' to add an Address Group.

11. Name your group "IP Phone Group" and populate it with all your new IP Phone X objects.

12. Save this new group.

13. Go to Firewall -> Access Rules

14. Add a new Rule.

 - Action: Allow

 - From: LAN

 - To: WAN

 - Source Port: Any

 - Service: Any

 - Source: IP Phone Group

 - Destination: Any

 - Users Included: All

 - Users Excluded: None

 - Schedule: Always On

 - Allow Fragmented Packets: YES

 - Disable DPI: YES (Never enable DPI on IP phones!!!)

 - Advanced Tab: TCP Connection Timeout: 60 Minutes

 - Advanced Tab: UDP Connection Timeout: 600 Seconds

 - QoS Tab: DSCP Marking Action: Explicit

 - QoS Tab: Explicit DSCP Value: 46 - Expedited Forwarding (EF)

 - BWM Tab: Check Egress. Set it to 0 Realtime.

 - BWM Tab: Check Ingress. Set it to 0 Realtime.

15. Save this rule.

16. {Insert reflexive rule instructions here}

17. All done!

Ubiquiti EdgeRouter (EdgeMAX) / USG QoS Settings

You must log into the router's CLI via SSH (or through the web GUI) and issue the following commands. Make sure to change the RTP port range to whichever manufacturer your phones are! Also, make sure you apply the firewall rules to your WAN port. This guide assumes WAN is Eth1 and that the customer has Yealink phones.

configure

set firewall modify SETDSCP_IN rule 1 action modify

set firewall modify SETDSCP_IN rule 1 destination port 11780-12780

set firewall modify SETDSCP_IN rule 1 modify dscp 46

set firewall modify SETDSCP_IN rule 1 protocol udp

set firewall modify SETDSCP_IN rule 2 action modify

set firewall modify SETDSCP_IN rule 2 source port 4242

set firewall modify SETDSCP_IN rule 2 modify dscp 46

set firewall modify SETDSCP_IN rule 2 protocol tcp

set firewall modify SETDSCP_IN rule 3 action modify

set firewall modify SETDSCP_IN rule 3 source port 4242

set firewall modify SETDSCP_IN rule 3 modify dscp 46

set firewall modify SETDSCP_IN rule 3 protocol udp

set firewall modify SETDSCP_IN rule 4 action modify

set firewall modify SETDSCP_IN rule 4 source port 5060-5062

set firewall modify SETDSCP_IN rule 4 modify dscp 46

set firewall modify SETDSCP_IN rule 4 protocol tcp

set firewall modify SETDSCP_IN rule 5 action modify

set firewall modify SETDSCP_IN rule 5 source port 5060-5062

set firewall modify SETDSCP_IN rule 5 modify dscp 46

set firewall modify SETDSCP_IN rule 5 protocol udp

set firewall modify SETDSCP_OUT rule 1 action modify

set firewall modify SETDSCP_OUT rule 1 source port 11780-12780

set firewall modify SETDSCP_OUT rule 1 modify dscp 46

set firewall modify SETDSCP_OUT rule 1 protocol udp

set firewall modify SETDSCP_OUT rule 2 action modify

set firewall modify SETDSCP_OUT rule 2 destination port 4242

set firewall modify SETDSCP_OUT rule 2 modify dscp 46

set firewall modify SETDSCP_OUT rule 2 protocol tcp

set firewall modify SETDSCP_OUT rule 3 action modify

set firewall modify SETDSCP_OUT rule 3 destination port 4242

set firewall modify SETDSCP_OUT rule 3 modify dscp 46

set firewall modify SETDSCP_OUT rule 3 protocol udp

set firewall modify SETDSCP_OUT rule 4 action modify

set firewall modify SETDSCP_OUT rule 4 destination port 5060-5062

set firewall modify SETDSCP_OUT rule 4 modify dscp 46

set firewall modify SETDSCP_OUT rule 4 protocol tcp

set firewall modify SETDSCP_OUT rule 5 action modify

set firewall modify SETDSCP_OUT rule 5 destination port 5060-5062

set firewall modify SETDSCP_OUT rule 5 modify dscp 46

set firewall modify SETDSCP_OUT rule 5 protocol udp

set interfaces ethernet eth1 firewall in modify SETDSCP_IN

set interfaces ethernet eth1 firewall out modify SETDSCP_OUT

commit

save

pfSense QoS Settings

Under construction.

Untangle QoS Settings

Under construction.

Fortigate / Fortinet QoS Settings

Make sure to disable the SIP Helper/SIP ALG:

~# telnet firewall
config system settings
set sip-helper disable
set sip-nat-trace disable
end

config system session-helper
show <—- use this to find out which entry is configured for typically 12 or 13
delete 12
end