Approved Routers / QoS Settings

Approved Routers / QoS Settings

Overview

The following Quality of Service values are used with all phones registered to the Primevox infrastructure. All router models by these manufacturers are supported by our VoIP services.
 
SIP Signaling: 26 / AF31 / 0x68 (UDP or TCP)
RTP Audio: 46 / EF / 0xB8 (UDP Only)
 
SIP Ports: 8643 (UDP), 8645 (TCP), 8647 (TLS)
RTP Ports: 10,000-40,000 UDP

 

Cisco Meraki QoS Settings

Here are the QoS settings to use for Cisco Meraki security gateways and switches. These settings can be set in Switches  Switch Settings.

Please note, the RTP ports shown (11780-12780) are for Yealink phones. Please look at the top of this article for ports specific to your phones.

 
Screen_Shot_2018-06-07_at_7.21.48_PM.png
 

Some Meraki firmware versions may look different. Here is another screenshot for the same configuration from a newer Meraki unit.

To create these rules, you must use Expressions. For port numbers, simply enter the port number or the port range, like "4242" or "5060-5062"
 

image001.png



Sonicwall QoS Settings


Before anything, go to the VoIP tab and enable Consistent NAT and disable SIP Translations/Transformations.

1. Go to Firewall Settings  BWM.

2. Enable Realtime and Medium. Disable everything else.

3. Set Realtime "Guaranteed" to 50%.

4. Set Medium "Guaranteed" to 50%.

5. Set Realtime "Maximum/Burst" to 100%.

6. Set Medium "Maximum/Burst" to the following:
  1. For 10 or fewer phones, 95%.
  2. For 11-25 phones, 90%.
  3. For 26+ phones, 85%.
7. Save this screen.

8. Go to Firewall  Address Objects.

9. Click 'Add' to add an Address Object.
  1. Name it 'IP Phone X', increasing X since these must have unique names.
  2. Assign it to zone LAN
  3. Set Type to MAC Address
  4. Populate the MAC Address field with a phone's mac
  5. REPEAT This for every IP Phone on your network, and each phone's MAC.
10. Under "Address Groups", click 'Add Group...' to add an Address Group.

11. Name your group "IP Phone Group" and populate it with all your new IP Phone X objects.

12. Save this new group.

13. Go to Firewall  Access Rules

14. Add a new Rule.
  1. Action: Allow
  2. From: LAN
  3. To: WAN
  4. Source Port: Any
  5. Service: Any
  6. Source: IP Phone Group
  7. Destination: Any
  8. Users Included: All
  9. Users Excluded: None
  10. Schedule: Always On
  11. Allow Fragmented Packets: YES
  12. Disable DPI: YES (Never enable DPI on IP phones!!!)
  13. Advanced Tab: TCP Connection Timeout: 60 Minutes
  14. Advanced Tab: UDP Connection Timeout: 600 Seconds
  15. QoS Tab: DSCP Marking Action: Explicit
  16. QoS Tab: Explicit DSCP Value: 46 - Expedited Forwarding (EF)
  17. BWM Tab: Check Egress. Set it to 0 Realtime.
  18. BWM Tab: Check Ingress. Set it to 0 Realtime.
15. Save this rule.

16. {Insert reflexive rule instructions here}

17. All done!


Ubiquiti EdgeRouter (EdgeMAX) / USG QoS Settings


You must log into the router's CLI via SSH (or through the web GUI) and issue the following commands. Make sure to change the RTP port range to whichever manufacturer your phones are! Also, make sure you apply the firewall rules to your WAN port. This guide assumes WAN is Eth1 and that the customer has Yealink phones.
 
  1. configure
    1. set firewall modify SETDSCP_IN rule 1 action modify
    2. set firewall modify SETDSCP_IN rule 1 destination port 11780-12780
    3. set firewall modify SETDSCP_IN rule 1 modify dscp 46
    4. set firewall modify SETDSCP_IN rule 1 protocol udp
    5. set firewall modify SETDSCP_IN rule 2 action modify
    6. set firewall modify SETDSCP_IN rule 2 source port 4242
    7. set firewall modify SETDSCP_IN rule 2 modify dscp 46
    8. set firewall modify SETDSCP_IN rule 2 protocol tcp
    9. set firewall modify SETDSCP_IN rule 3 action modify
    10. set firewall modify SETDSCP_IN rule 3 source port 4242
    11. set firewall modify SETDSCP_IN rule 3 modify dscp 46
    12. set firewall modify SETDSCP_IN rule 3 protocol udp
    13. set firewall modify SETDSCP_IN rule 4 action modify
    14. set firewall modify SETDSCP_IN rule 4 source port 5060-5062
    15. set firewall modify SETDSCP_IN rule 4 modify dscp 46
    16. set firewall modify SETDSCP_IN rule 4 protocol tcp
    17. set firewall modify SETDSCP_IN rule 5 action modify
    18. set firewall modify SETDSCP_IN rule 5 source port 5060-5062
    19. set firewall modify SETDSCP_IN rule 5 modify dscp 46
    20. set firewall modify SETDSCP_IN rule 5 protocol udp

    21. set firewall modify SETDSCP_OUT rule 1 action modify
    22. set firewall modify SETDSCP_OUT rule 1 source port 11780-12780
    23. set firewall modify SETDSCP_OUT rule 1 modify dscp 46
    24. set firewall modify SETDSCP_OUT rule 1 protocol udp
    25. set firewall modify SETDSCP_OUT rule 2 action modify
    26. set firewall modify SETDSCP_OUT rule 2 destination port 4242
    27. set firewall modify SETDSCP_OUT rule 2 modify dscp 46
    28. set firewall modify SETDSCP_OUT rule 2 protocol tcp
    29. set firewall modify SETDSCP_OUT rule 3 action modify
    30. set firewall modify SETDSCP_OUT rule 3 destination port 4242
    31. set firewall modify SETDSCP_OUT rule 3 modify dscp 46
    32. set firewall modify SETDSCP_OUT rule 3 protocol udp
    33. set firewall modify SETDSCP_OUT rule 4 action modify
    34. set firewall modify SETDSCP_OUT rule 4 destination port 5060-5062
    35. set firewall modify SETDSCP_OUT rule 4 modify dscp 46
    36. set firewall modify SETDSCP_OUT rule 4 protocol tcp
    37. set firewall modify SETDSCP_OUT rule 5 action modify
    38. set firewall modify SETDSCP_OUT rule 5 destination port 5060-5062
    39. set firewall modify SETDSCP_OUT rule 5 modify dscp 46
    40. set firewall modify SETDSCP_OUT rule 5 protocol udp

    41. set interfaces ethernet eth1 firewall in modify SETDSCP_IN
    42. set interfaces ethernet eth1 firewall out modify SETDSCP_OUT 
  2. commit
  3. save


Fortigate / Fortinet QoS Settings


Make sure to disable the SIP Helper/SIP ALG:
  1. ~# telnet firewall
  2. ​config system settings
  3. ​set sip-helper disable
  4. ​set sip-nat-trace disable
  5. ​end
 
config system session-helper
  1. show <—- use this to find out which entry is configured for typically 12 or 13
  2. delete 12
  3. end
 
 

    • Related Articles

    • Non-Approved Routers and Modems

      Overview This is an ongoing list of routers/modems known for their lack of VoIP reliability. If you would like to see a list of approved routers, please view the article called "Approved Routers / Quality of Service". Cisco RV Series These are not ...

    • API Routers

      What is an API Router? An API (Application Programming Interface) is a set of rules and tools that allows software applications to communicate with each other. An API Router is a tool that lets you route calls based on real-time information from ...

    • Extension Settings

      Introduction What is an Extension? An extension is a unique number assigned to a user, phone, or device within your organization’s phone system. It serves as a direct internal line, allowing colleagues to reach each other quickly without dialing full ...

    • Call Flow Settings

      What Are Call Flow Settings? Call Flow Settings allow users customize how calls are routed based on the time, preset rules, or manual override toggles. This includes things like setting business hours, creating special schedules for holidays, and ...

    • Recommended Internet and Network Settings

      Overview For optimal performance and reliability with Primevox services, certain internet and network configurations must be applied to your firewall, router, and other network equipment. These settings ensure stable SIP registration, consistent call ...