From Edge Threat Management Wiki - Arista
Jump to navigationJump to search

All Untangle FAQs

How is VOIP handled?

VOIP is automatically bypassed from scanning by default. This is because VOIP data traffic is highly latency sensitive. This behavior is controlled in Config > Network > Bypass Rules. There are pre-configured rules for VOIP (both SIP and IAX2) in the "System Bypass Rules." Manual bypass rules can be added for non-standard VOIP installations. Simply add a rule to bypass the control sessions and the data sessions will also be bypassed.

My VOIP doesn't work. Why?

Some VOIP deployments use intelligent NAT traversal techniques that conflict with the VOIP NAT-fixing done inside NAT on the Untangle Server. In this case you can uncheck 'enable SIP NAT Helper' in config->networking->advanced->General. (sometimes it requires a reboot)

Does Untangle Server support Polycom video conferencing?

This technology uses H323 protocol, and Untangle does no special handling for H323. It is recommended to bypass H323 traffic. For more information, go to Bypass Rules.

Can I use VoIP over VPN?

Untangle does not recommend this configuration. VoIP over VPN can result in poor voice quality and dropped calls. For more information, go to Using VoIP with Untangle Server.

Asterisk/Trixbox behind Untangle

Asterisk-based telephony systems handle end-to-end SIP communication. In this case, disabling the SIP NAT Helper as well as the SIP Bypass Rule in the Config->Networking->Advanced section is necessary. Without these changes, outbound calls will still work, but no inbound calls will work. Remember to set Port Forwarding for the SIP port(s) and RTP port range. A reboot of Untangle is required after the changes, or unusual SIP information in the Asterisk Verbose Logging will occur such as "ss-noservice." Remember that extensions inside the network need to be set with "nat = no" or the extension will not connect.

Most VoIP providers require Registration (a good thing). If Untangle's Attack Blocker is installed, it will probably see the Registration attempts as an attack and block them. Either adding an exception to the IP of the Registration site or removing the Attack Blocker rack module will solve this problem. A nameserver lookup (on Windows: "nslookup" in the command prompt) is recommended to determine which IP is associated to the registration server.

This solution was tested with Trixbox Community Edition and Untangle 64-bit version 7.3.1.