Add and merge SIP ALG sections, move software firewall section to sof…

…tware section (#165) * Create edgerouterx_alg.rst * Update hardware.rst * Update edgerouterx_alg.rst * Update edgerouterx_alg.rst * Update firewall_devices.rst * Update asus_rt_ac66u_sip_alg.rst * Update cisco_ea6500.rst * Update sonicwall_tz_soho_sip_alg.rst * Update hardware.rst * Update firewall.rst * Update software.rst * Update edgerouterx_alg.rst * Update conf.py * Update edgerouterx_alg.rst * Update asus_rt_ac66u.rst * Update edgerouterx.rst * Update sonicwall_tz_soho.rst * Update zyxel.rst * Update hardware.rst * Update asus_rt_ac66u.rst * Update edgerouterx.rst * Update sonicwall_tz_soho.rst * Update zyxel.rst * Update zyxel.rst * Update asus_rt_ac66u.rst * Update asus_rt_ac66u.rst * Update asus_rt_ac66u.rst * Update asus_rt_ac66u.rst * Update cisco_ea6500.rst
fusionpbx · Jan 6, 2019 · 6360bbc · 6360bbc
1 parent e8c21cf
commit 6360bbc
Show file tree

Hide file tree

Showing 14 changed files with 322 additions and 80 deletions.
diff --git a/source/conf.py b/source/conf.py
@@ -101,7 +101,7 @@ def pygments_monkeypatch_style(mod_name, cls):
 
 # General information about the project.
 project = u'FusionPBX Docs'
-copyright = u'2008-2018, Mark J Crane'
+copyright = u'2008-2019, Mark J Crane'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the

diff --git a/source/firewall.rst b/source/firewall.rst
@@ -23,32 +23,4 @@ Firewall
   firewall/pf.rst
 
 
-Firewall Devices
-=====================
-
-Firewall device settings that help with SIP connections.
-
-.. toctree::
-   :maxdepth: 4
-
-  hardware/firewall_devices/asus_rt_ac66u.rst  
-  firewall/firewall_devices/edgerouterx.rst
-  firewall/firewall_devices/pfsense.rst
-  firewall/firewall_devices/sonicwall_tz_soho.rst
-  firewall/firewall_devices/zyxel.rst
-
-
-
-Firewall Devices ALG
-========================
-
-Most of the time this setting is set to off or disabled and varies. Rarely this should be enabled. Below is a list a devices that need setting changes to address SIP ALG issues.
-
-.. toctree::
-   :maxdepth: 4
-
-  firewall/firewall_devices/asus_rt_ac66u_sip_alg.rst
-  firewall/firewall_devices/cisco_ea6500.rst
-  firewall/firewall_devices/sonicwall_tz_soho_sip_alg.rst
-  firewall/firewall_devices/zyxel_sip_alg.rst
 
diff --git a/source/firewall/firewall_devices.rst b/source/firewall/firewall_devices.rst
@@ -11,25 +11,23 @@ Firewall device settings that help with SIP connections.
 .. toctree::
    :maxdepth: 4
 
-  hardware/firewall_devices/asus_rt_ac66u.rst  
+  hardware/firewall_devices/asus_rt_ac66u.rst
+  firewall/firewall_devices/asus_rt_ac66u_sip_alg.rst
+  firewall/firewall_devices/cisco_ea6500.rst
   firewall/firewall_devices/edgerouterx.rst
+  firewall/firewall_devices/edgerouterx_alg.rst
   firewall/firewall_devices/pfsense.rst
   firewall/firewall_devices/sonicwall_tz_soho.rst
+  firewall/firewall_devices/sonicwall_tz_soho_sip_alg.rst
   firewall/firewall_devices/zyxel.rst
+  firewall/firewall_devices/zyxel_sip_alg.rst
 
 
 
-Firewall Devices ALG
-========================
 
-Most of the time this setting is set to off or disabled and varies. Rarely this should be enabled. Below is a list a devices that need setting changes to address SIP ALG issues.
-
-.. toctree::
-   :maxdepth: 4
-
-  firewall/firewall_devices/asus_rt_ac66u_sip_alg.rst
-  firewall/firewall_devices/cisco_ea6500.rst
-  firewall/firewall_devices/sonicwall_tz_soho_sip_alg.rst
-  firewall/firewall_devices/zyxel_sip_alg.rst
+
+
+
+
 
 
diff --git a/source/firewall/firewall_devices/asus_rt_ac66u.rst b/source/firewall/firewall_devices/asus_rt_ac66u.rst
@@ -1,16 +1,14 @@
-##############
+###############
 ASUS RT-AC66U
-##############
-
+###############
 
 
 This guide was created for the ASUS RT-AC66U router with Firmware Version 3.0.0.4.380_8120.  FusionPBX is in the cloud with a public IP, and the ASUS RT-AC66U router is at the customer’s location with the extensions behind it.  The RT-AC66U is a “prosumer” grade router.  It has good performance for the dollar and is a good choice for home offices.
 
-
 
-How to setup QoS
 
-
+How to setup QoS
+^^^^^^^^^^^^^^^^^^
 
 First, enable the QoS feature:
 
@@ -38,13 +36,40 @@ Next, assign the QoS rules.
 .. Note::
 
  An important note regarding Priorities
-
 
-
  Another important area is the “user-defined priorities” section of Traffic Manager – QoS.  As you can see, the default rules     give a very large amount of the bandwidth share to the highest priority.  This is very likely excessive for VOIP traffic.  We don’t need much bandwidth, we just need to make sure we get prioritized traffic.  You should adjust these to suit your environment.
 
 
 .. image:: ../../_static/images/firewall/fusionpbx_asus_traffic_manager_qos_note.png
         :scale: 85%
 
 
+
+
+ASUS RT-AC66U SIP ALG
+^^^^^^^^^^^^^^^^^^^^^^
+
+
+This guide was created for the ASUS RT-AC66U router with Firmware Version 3.0.0.4.380_8120.  FusionPBX is in the cloud with a public IP, and the ZyXEL USG60 router is at the customer’s location with the extensions behind it.  The RT-AC66U is a “prosumer” grade router.  It has good performance for the dollar and is a good choice for home offices.
+
+
+
+How to Disable SIP ALG
+
+* Log into the router
+* On the left nav menu, click “WAN”
+* Click the “NAT Passthrough” tab at the top-right
+* Set “SIP Passthrough” to Disable
+* Click Apply
+* Reboot the router.
+
+
+
+This part is a little confusing.  It seems that ASUS has either reversed the meaning of SIP Passthrough or changed how it works over a few firmware releases.  At any rate, if you have difficulties with Audio or Registrations, you can try toggling this setting.  With these home-grade routers you should perform a full reboot in order to clear the tables before testing the phones.
+
+.. image:: ../../_static/images/firewall/fusionpbx_asus_sip_alg.png
+        :scale: 85%
+
+
+
+
diff --git a/source/firewall/firewall_devices/asus_rt_ac66u_sip_alg.rst b/source/firewall/firewall_devices/asus_rt_ac66u_sip_alg.rst
@@ -1,6 +1,6 @@
-###############
-ASUS RT-AC66U
-###############
+######################
+ASUS RT-AC66U SIP ALG
+######################
 
 
 This guide was created for the ASUS RT-AC66U router with Firmware Version 3.0.0.4.380_8120.  FusionPBX is in the cloud with a public IP, and the ZyXEL USG60 router is at the customer’s location with the extensions behind it.  The RT-AC66U is a “prosumer” grade router.  It has good performance for the dollar and is a good choice for home offices.

diff --git a/source/firewall/firewall_devices/cisco_ea6500.rst b/source/firewall/firewall_devices/cisco_ea6500.rst
@@ -1,5 +1,5 @@
 ##############
-Cisco EA6500
+Cisco EA6500 
 ##############
 
 
@@ -8,6 +8,7 @@ This guide was created using a Cisco EA6500 (Linksys AC1750) series router.
 
 
 How to Disable SIP ALG
+^^^^^^^^^^^^^^^^^^^^^^^
 
 Log into the router and navigate to Connectivity -> Administration -> Application Layer Gateway
 

diff --git a/source/firewall/firewall_devices/edgerouterx.rst b/source/firewall/firewall_devices/edgerouterx.rst
@@ -75,3 +75,93 @@ Scenerio: Router A is the primary router that has a public IP address and a LAN
         :scale: 85%
 
 
+
+
+Ubiquiti EdgerouterX SIP ALG
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+In some scenerios you may have to turn off SIP ALG.  
+
+
+
+
+Check if SIP ALG is running
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* **Command:** lsmod | grep sip
+
+
+
+
+::
+ 
+  shwim@ubnt:~$ lsmod | grep sip
+  nf_nat_sip              8853  0
+  nf_conntrack_sip       21773  1 nf_nat_sip
+  nf_nat                 13284  10 nf_nat_ftp,nf_nat_sip,ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,iptable_nat
+  nf_conntrack           62604  18 nf_nat_ftp,nf_nat_sip,xt_CT,nf_conntrack_proto_gre,ipt_MASQUERADE,nf_nat,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_ftp,nf_conntrack_sip,iptable_nat,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_tftp
+  shwim@ubnt:~$
+
+ 
+This shows that SIP ALG is running in the example above.
+
+
+Disable SIP ALG
+^^^^^^^^^^^^^^^^^
+
+To disable SIP ALG:
+
+* Either click on the CLI button from the Ubiquiti EdgerouterX GUI or via you favorite SSH client to the EdgerouterX.
+* **Then type:** configure
+* **Then type:** set system conntrack modules sip disable
+* **Then type:** commit
+* **Then type:** save
+* **Then type:** exit
+
+::
+
+ root@ubnt:/home/shwim# configure
+ [edit]
+ root@ubnt# set system conntrack modules sip disable
+ [edit]
+ root@ubnt# commit
+ [edit]
+ root@ubnt# save
+ Saving configuration to '/config/config.boot'...
+ Done
+ [edit]
+ root@ubnt# exit
+
+Enable SIP ALG
+^^^^^^^^^^^^^^^^^
+
+To enable SIP ALG:
+
+* Either click on the CLI button from the Ubiquiti EdgerouterX GUI or via you favorite SSH client to the EdgerouterX.
+* **Then type:** configure
+* **Then type:** set system conntrack modules sip enable-indirect-media
+* **Then type:** set system conntrack modules sip enable-indirect-signalling
+* **Then type:** commit
+* **Then type:** save
+* **Then type:** exit
+
+::
+
+ root@ubnt:/home/shwim# configure
+ [edit]
+ root@ubnt# set system conntrack modules sip enable-indirect-media
+ [edit]
+ root@ubnt# set system conntrack modules sip enable-indirect-signalling
+ [edit]
+ root@ubnt# commit
+ [edit]
+ root@ubnt# save
+ Saving configuration to '/config/config.boot'...
+ Done
+ [edit]
+ root@ubnt# exit
+
+.. note::
+
+   set system conntrack modules sip port <1-65535> will change the sip port number  
+
diff --git a/source/firewall/firewall_devices/edgerouterx_alg.rst b/source/firewall/firewall_devices/edgerouterx_alg.rst
@@ -0,0 +1,89 @@
+##############################
+Ubiquiti EdgerouterX SIP ALG
+##############################
+
+In some scenerios you may have to turn off SIP ALG.  
+
+
+
+
+Check if SIP ALG is running
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* **Command:** lsmod | grep sip
+
+
+
+
+::
+ 
+  shwim@ubnt:~$ lsmod | grep sip
+  nf_nat_sip              8853  0
+  nf_conntrack_sip       21773  1 nf_nat_sip
+  nf_nat                 13284  10 nf_nat_ftp,nf_nat_sip,ipt_MASQUERADE,nf_nat_proto_gre,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_nat,iptable_nat
+  nf_conntrack           62604  18 nf_nat_ftp,nf_nat_sip,xt_CT,nf_conntrack_proto_gre,ipt_MASQUERADE,nf_nat,nf_nat_h323,nf_nat_ipv4,nf_nat_pptp,nf_nat_tftp,xt_conntrack,nf_conntrack_ftp,nf_conntrack_sip,iptable_nat,nf_conntrack_h323,nf_conntrack_ipv4,nf_conntrack_pptp,nf_conntrack_tftp
+  shwim@ubnt:~$
+
+ 
+This shows that SIP ALG is running in the example above.
+
+
+Disable SIP ALG
+^^^^^^^^^^^^^^^^^
+
+To disable SIP ALG:
+
+* Either click on the CLI button from the Ubiquiti EdgerouterX GUI or via you favorite SSH client to the EdgerouterX.
+* **Then type:** configure
+* **Then type:** set system conntrack modules sip disable
+* **Then type:** commit
+* **Then type:** save
+* **Then type:** exit
+
+::
+
+ root@ubnt:/home/shwim# configure
+ [edit]
+ root@ubnt# set system conntrack modules sip disable
+ [edit]
+ root@ubnt# commit
+ [edit]
+ root@ubnt# save
+ Saving configuration to '/config/config.boot'...
+ Done
+ [edit]
+ root@ubnt# exit
+
+Enable SIP ALG
+^^^^^^^^^^^^^^^^^
+
+To enable SIP ALG:
+
+* Either click on the CLI button from the Ubiquiti EdgerouterX GUI or via you favorite SSH client to the EdgerouterX.
+* **Then type:** configure
+* **Then type:** set system conntrack modules sip enable-indirect-media
+* **Then type:** set system conntrack modules sip enable-indirect-signalling
+* **Then type:** commit
+* **Then type:** save
+* **Then type:** exit
+
+::
+
+ root@ubnt:/home/shwim# configure
+ [edit]
+ root@ubnt# set system conntrack modules sip enable-indirect-media
+ [edit]
+ root@ubnt# set system conntrack modules sip enable-indirect-signalling
+ [edit]
+ root@ubnt# commit
+ [edit]
+ root@ubnt# save
+ Saving configuration to '/config/config.boot'...
+ Done
+ [edit]
+ root@ubnt# exit
+
+.. note::
+
+   set system conntrack modules sip port <1-65535> will change the sip port number  
+
diff --git a/source/firewall/firewall_devices/sonicwall_tz_soho.rst b/source/firewall/firewall_devices/sonicwall_tz_soho.rst
@@ -67,3 +67,25 @@ Now that we have our Service and Object, we can create a firewall rule and apply
 
 Save your settings and give it a try!       
 
+
+SonicWall TZ-SOHO SIP ALG
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+
+This guide was created for the SonicWall TZ-SOHO router with Firmware Version 6.5.0.1-14n. This has the newer GUI version and looks quite a bit different than the GUI that had been used in previous years.  FusionPBX is in the cloud with a public IP, and the TZ-SOHO router is at the customer’s location with the extensions behind it.
+
+
+
+How to Disable SIP ALG
+
+* Log into the router
+* Click the MANAGE tab at the top
+* On the left menu, go to System Setup-> VOIP
+* Check the “Enable consistent NAT” box
+* Uncheck the “Enable SIP Transformations” box
+* Click ACCEPT
+
+
+.. image:: ../../_static/images/firewall/fusionpbx_sonicwall.png
+        :scale: 85%
+
diff --git a/source/firewall/firewall_devices/sonicwall_tz_soho_sip_alg.rst b/source/firewall/firewall_devices/sonicwall_tz_soho_sip_alg.rst
@@ -1,6 +1,6 @@
-##################
-SonicWall TZ-SOHO
-##################
+##########################
+SonicWall TZ-SOHO SIP ALG
+##########################
 
 
 This guide was created for the SonicWall TZ-SOHO router with Firmware Version 6.5.0.1-14n. This has the newer GUI version and looks quite a bit different than the GUI that had been used in previous years.  FusionPBX is in the cloud with a public IP, and the TZ-SOHO router is at the customer’s location with the extensions behind it.