Firewall blocking inbound voice from outbound calls

[sgrunspan]

I'm coming to the forum because, well, it's often more expeditious than tech support. I have an ooma teleo behind a new sonicwall TZ100. I opened all the listed ports UDP and TCP and my teleo worked. At least I thought it did. The following day I realized that if I place the call I can't hear their phone ring, and I can't hear their voice. They can hear me. If they call me, as an ooma tech support person did, everything functions normally. Currently the ooma is behind the firewall, if I put the ooma in front it works, so it is the firewall. When I captured some packets I saw a whole bunch of dropped packets originating from what I assume are ooma servers port 3480 and trying to access my ooma on port 7459. 7459 is not one of the listed ports. There were dozens and dozens of these dropped packets. Here's where it gets weird. I deleted and recreated the firewall rules and I rebooted everything. With the ooma back behind the firewall I still can't hear the other person but I don't have any dropped packets going to UDP 7459 or any dropped packets at all.

Anyone have an suggestions? Suggestions other than DMZing the ooma as that wouldn't allow me to use sonic wall's QoS.

thanks

UPDATE:
This doesn't happen with every number? When I call a TimeWarner VOIP number, the call is normal. When I call a sprint mobile or another landline number I can't hear anything? Maybe it isn't the firewall afterall?
I put the ooma in the DMZ and opened everything, no difference.

[rpoomatelo]

I am seeing similar problems with a new SonicWALL TZ200. I had no problems when using it in the same configuration with the TZ170 it replaced (modem->tz1700->telo). I never opened anything in the firewall to support the telo in the past, but with the TZ200, some calls work just fine, others do as you say, where I call and hear nothing (no ring, or answer) yet if I wait and talk, the receiving party hears me. Also, some numbers just get a fast busy when they call my telo.

Any further info on this issue?

[sgrunspan]

No, I called tech support and it was a totally demoralizing experience. I love ooma. The teleo is my second ooma, and I have had, almost uniformly positive experiences with ooma tech support. But the people I spoke with about this issue were so over their heads, i.e. they had me change the QoS settings on the ooma, despite the fact that I told them the ooma is behind the sonicwall. I thought I misunderstood them so I asked if they wanted me to place the ooma in front of the firewall, and they said no. After that didn't work I was told to record the numbers I was having trouble with and to call them back.
Unfortunately, there's a certain point, and I think I already past it, that the time invested in making this work costs far more than any savings I would inure from the teleo in the foreseeable future.

One thing though about the numbers though; and maybe this will help you track down what's going on. It wasn't all numbers or even all numbers of a certain kind. For instance, sprint mobile calls from CA didn't work but sprint mobile numbers from AZ did. TimeWarner VOIP calls worked but calls to a local University did not. It was all over the place. One other thing, if you capture packets to and from your teleo you will see a whole bunch of dropped RARP packets. I don't know why this is happening when I opened the ports this was trying to communicate on. Maybe a timeout? Also, every once in a awhile I would see the ooma mothership trying to connect to the teleo on a port not on the list of usual ports, this may be normal behavior, I don't know.

[stevepierce]

Yeah I am having the same problem. I can hear the dial tone but can't make ANY outbound calls.

What ports need to be open to use Ooma behind a firewall?

Steve

[sgrunspan]

Yeah I am having the same problem. I can hear the dial tone but can't make ANY outbound calls.

What ports need to be open to use Ooma behind a firewall?

Steve

No,that wasn't my problem. the title of this post is no longer accurate. I thought it was blocking outbound calls. I could hear a dial tone and the call would be placed but I wouldn't hear any ringing or the other person once they picked up the phone. They could hear me however. They could hear me but I couldn't hear them.

And, stranger still it only happened with certain numbers with no discernable pattern.

As far as the ports, there are list of the ports in one of the faqs

[KCOtreau]

I wanted to post about getting an Ooma device working behind a SonicWall since I know some people have had some problems. Frankly, I never see the Standard OS anymore, so this is for the Enhanced OS.

I have been using SonicWalls for all my customers since about 1998, so I have a lot of experience with them. Recently, my personal TZ190’s WAN port died. I reconfigured it to temporarily use the OPT port, but I was not sure I could trust it anymore, so I picked up a new Pro 2040 on eBay (cheap, YEAH!). I configured it, but my Ooma flashed red.

You can probably skip this step for now, but I will include it just in case the next NAT Policy step is not enough, or you are very particular as I am. I have always had my Ooma set to a static IP on my network, so I created a custom host “Address Object” called Ooma_Phone (Network>Address Objects>Custom Address Objects>Add). This is probably not strictly necessary, but due to the specifics of my network, I created a LAN>WAN rule specifically allowing the source I just created, Ooma_Phone, a destination of “any” with a service of “any” (Firewall>Access Rules>All Rules>Add). At this point, it still flashes red, so if the step below does not work, then I would come back and make sure I did this too.

The key to making the Ooma work is to create this custom NAT Policy (Network>NAT Policies>Custom Policy>Add): Original Source “Any”, Translated Source “WAN Primary IP”, Original Destination “Any”, Translated Destination “Original”, Original Service “Any”, Translated Service “Original”, Interface Inbound “LAN” (or “X0” for some), Interface Outbound “WAN” (or “X1” for some). Check “Enable NAT Policy”. You should be flashing blue now. This is the key, and I did not have to open ANY ports coming into my network (i.e., no WAN>LAN Access Rules). This only allows connections allowed out to find their way back in.

Although I have a new Ooma Telo sitting in a box, I am still using my Ooma Hub. I don’t believe it will make a difference, but I will post back if I need to make any changes when I go to the Telo.

Good luck,

Kevin Cotreau

[anomalocaris]

I am not the expert that Kevin is. After following Kevin's instructions I was still having issues with poor quality. My connection is 50 mb down and 10 mb up. I have three lines serviced by the OOMA TELO. I searched the internet for Config SonicWALL for VOIP. I found three videos on Firewalls.com. Access to those is free to the public. I used the information in the first video to configure bandwidth management for the OOMA Telo. My quality issues were immediately resolved. As part of trying to resolve issues I did open the ports listed by OOMA in a tech note.

Because mine is a residential installation (two voice lines and a fax line) I had no need for the info in the other two videos.