Router Configurations

All Router Configurations Articles
  • Required Configuration for Watchguard System Manager (WSI) Firewalls

    Note: We have had frequent issues with the Watchguard OS. This device is not one of our recommended network firewalls. 

    Make sure that the Watchguard firewall has the latest firmware version applied to it. Some older firmware versions do not have the ability to add the FQDN aliases without it we are unable to optimize the device for Weave traffic.

    Please, be sure to use the WatchGuard sizing tool (available here)when installing Weave for an office. We have seen many cases were the firewall is not sized correctly and causes call quality issues and dropped calls.

    Watchguard System Manager (WSM) Instructions

    1. In the WSM, click on Tools > Policy Manager from the menu at the top

    2.  In the newly opened Policy Manager, click Setup > Aliases

    3. Add aliases

    • Click the Add button on the right of the Aliases box

    • Click the Add button to the right of the Alias Members box

    • Select FQDN in the Choose Type drop down box

    • Enter allow.us1.weavephone.net in the Value field

    • Press OK three times to return to the main Policy Manager Window

    Screen Shot 2021-01-27 at 8.13.35 PM.png

    4. Add policy properties

    • Click the plus icon (+) in the tool bar at the top of the Policy Manager

    • Click the plus symbol (+) next to Packet Filters in the Add Policy window in order to expand the packet filter options

    • Select the Any option from the packet filter list

    • Click the Add button at the bottom of the Add Policies window

    • Change the text in the Name box from Any to Traffic to Weave in the New Policy Properties window

    • Modify the From section to only show the value Any using the ADD/EDIT/REMOVE buttons below the FROM section

    • Modify the TO section to only show the value Weave IPs using the ADD/EDIT/REMOVE buttons below the TO section

    • Click the OK button at the bottom of the New Policy Properties window

    5. Add policies continued:

    • Again, select the Any option from the packet filter list

    • Again, click the Add button at the bottom of the Add Policies window

    • Change the text in the Name box from Any to Traffic from Weave in the New Policy Properties window

    • Modify the From section to only show the value Weave IPs using the ADD/EDIT/REMOVE buttons below the FROM section

    • Modify the TO section to only show the value Any using the ADD/EDIT/REMOVE buttons below the TO section

    • Click the OK button at the bottom of the New Policy Properties window

    • Click the Close button at the bottom of the Add Policies window

    Note: "Any" and "Weave IPs" are reversed from the "Traffic to Weave" rule

    6. In the Policy Manager, click View Auto-Order Mode

    7. Click Yes when prompted

    8. Sequence To and From policies

    • Click and drag the Traffic to Weave policy to the top of the list
    • Click and drag the Traffic from Weave policy to #2 on the list

    9. In the Policy Manager, click Setup > Default Threat Protection > Default Packet Handling

    10. Verify Default Packet Handling settings

    • Uncheck the checkbox labeled either Block Port Space Probes or Block Port Scan

    • Uncheck the checkbox labeled either Block Address Space Probes or Black IP Scan

    • Click the OK button on the top right of the window

    11. In Policy Manager, click Setup > Global Settings

    12. Verify Networking Settings

    • Uncheck ALL SIX checkboxes in the ICMP Error Handling section

    • Uncheck the checkboxes labeled Enable TCP SYN packet and connection state verification under the TCP Settings section

    • Select No Adjustment in the section labeled TCP maximum segment size control

    • Click the OK button at the bottom of the page

    13. Save to Firebox

    • In Policy Manager, click File > Save > To Firebox

    • Enter your password and click OK when prompted (note: you may also be prompted to save the config to a file)

    14. Close out of the Policy Manager using the X in the upper right-hand corner and return to the WSM window

    15. In WSM, click Tools > Firebox System Manager

    16. In the newly opened Firebox System Manager (FSM), click File > Reboot

    Read more
  • Required Configuration for Sophos Firewalls

    Weave phones work well with Sophos firewalls. This guide details the necessary changes for Sophos firewalls. There are several important settings to verify that the Sophos is configured correctly:

    1. On the left-hand menu, click Definitions & Users > Network Definitionsthen click the button labeled New Network Definition

    2. Check definition section, DNS group and proper name fields:

    • In the Add Network Definition section, choose DNS group from the dropdown box labeled Type

    • In the Name field enter: Weave IPs

    • In the Hostname field enter: allow.us1.weavephone.net

    • Click Save

    Screen Shot 2021-01-27 at 8.24.43 PM.png

    3. Firewall and new rule

    • On the left-hand menu, click Network Protection >> Firewall

    • Click the button labeled New Rule

    4. Click the folder icon in the Sources field

    5. Sources, services, and destinations: 

    • Click and drag Internal (Network) from the left-hand Networks menu into the Sources box

    • Click and drag Weave IPs from the left-hand Networks menu into the Destinations box

    • Click the folder icon in the Services field

    6. Click and drag Any from the left-hand Services menu into the Services box and click Save 

    7. Enabling new rule

    • Click the red X in the upper right corner of the left-hand Services menu

    • Click the toggle switch next to the new Weave IPs firewall rule that was just created, in order to enable the rule

    8. Confirm that the new firewall rule shows enabled

    9. Advanced Threat Protection

    • Click Advanced Protection

    • Click Advanced Threat Protection

    • Click the folder next to Network/Host Exceptions: Select Weave IP's

    Screen Shot 2017-08-25 at 3.49.31 PM.png

     

    Read more
  • Required Configuration for Peplink Routers

    Weave phones work well with Peplink firewalls. There are several important settings to verify that the Peplink is configured correctly. This guide details the necessary changes for Peplink firewalls

    Peplink Router Configuration

    1. Click the Network tab on the top navigation bar

    2. Click on Service Passthrough (under the Misc. Settings section in the lefthand menu)

    3. Set SIP to Compatibility Mode

     

    When complete, continue: 

    1.    Click the Network Tab on the top navigation bar
    2.    Click on Application (under the QOS section in the lefthand menu)
    3.    Uncheck the Enable checkbox under DSL/Cable Optimization

     

    peplink qos.png

    Note: Disable Secondary WAN connection if there is one OR create rule to ensure that all phone traffic goes through same WAN interface (may not be necessary - unconfirmed until further testing)

    Read more
  • Required Configuration for Watchguard Fireware Web UI

    Note: We have had frequent issues with the Watchguard OS. This device is not one of our recommended network firewalls. 

    Make sure that the Watchguard firewall has the latest firmware version applied to it. Some older firmware versions do not have the ability to add the FQDN aliases without it we are unable to optimize the device for Weave traffic.

    Please, be sure to use the WatchGuard sizing tool (available here) when installing Weave for an office. We have seen many cases were the firewall is not sized correctly and causes call quality issues and dropped calls.

    Fireware Web UI Instructions

    1. Add alias

    • In the Fireware Web UI, click on Firewall > Aliases in the left-hand menu
    • Click the Add button

    2. Add alias continued

    • Enter Weave IPs in the Name box

    • Click the Add button in the Alias Members section

    wg_web_namealias.png

    3.  Select FQDN in the Member type dropdown box and enter allow.us1.weavephone.net in the box below (as shown), click OK

    Screen Shot 2021-01-27 at 8.12.30 PM.png

    4.  Confirm that the Alias Members section now contains the FQDN (allow.us1.weavephone.net), click the Save button

    Screen Shot 2021-01-27 at 8.13.00 PM.png

    5.  Add policy

    • In the Fireware Web UI, click on Firewall > Firewall Policies in the left-hand menu

    • Click the Add Policy button

    6.  Select Weave Packet Filter

    • In the Select a policy type section, select Any in the Packet Filter dropdown

    • Change the text in the Policy Name box at the top of the page from Any to Weave Traffic

    • Click the Add Policy button at the bottom of the page

    7.  Modify From and To fields

    • Enter Traffic to Weave in the Name box at the top of the page

    • Modify the From section to only show the value Any using the ADD/REMOVE buttons below the FROM section

    • Modify the TO section to only show the value Weave IPs using the ADD/REMOVE buttons below the TO section

    • Click the Save button at the bottom of the page

    8. Click the Add Policy button again

    9. Modify From and To fields - continued

    • Enter Traffic from Weave in the Name box at the top of the page

    • Modify the From section to only show the value Weave IPs using the ADD/REMOVE buttons below the FROM section

    • Modify the TO section to only show the value Any using the ADD/REMOVE buttons below the TO section

    • Click the Save button at the bottom of the page

    wg_fw_policy_from_config.png

    10. Sequence policy order

    • Check the checkbox next to the Traffic to Weave policy and then click the MOVE UP button at the bottom of the page until the Traffic to Weave is in position #1 at the top of the list. Uncheck the checkbox next to the Traffic to Weave policy

    • Check the checkbox next to the Traffic from Weave policy and then click the MOVE UP button at the bottom of the page until the Traffic from Weave is in position #2 on the list. Uncheck the checkbox next to the Traffic from Weave policy

    • Click the Save Policy Order button near the bottom of the page

    ***Important Note: If the button at the bottom of the screen says, "Disable Policy Auto-Order Mode", you must first click this button to enable manual ordering.

    11. Configure Dangerous Activities settings

    • In the Fireware Web UI, click on Firewall > Default Packet Handling in the left-hand menu

    • Uncheck the checkbox labeled either Block Port Space Probes or Block Port Scan

    • Uncheck the checkbox labeled either Block Address Space Probes or Block IP Scan

    • Click the Save button at the bottom of the page

    12. Configure Global Networking settings

    • In the Fireware Web UI, click on System > Global Settings in the left-hand menu

    • Uncheck ALL SIX checkboxes in the ICMP Error Handling section

    • Uncheck the checkboxes labeled Enable TCP SYN packet and connection state verification under the TCP Settings section

    • Select No Adjustment in the section labeled TCP maximum segment size control

    • Click the Save button at the bottom of the page

    13. Reboot the system

    • In the Fireware Web UI, click on Dashboard > Front Panel in the left-hand menu

    • Click the Reboot button on the right side of the page

      Read more
    • Required Configuration for D-Link DIR Series

      Weave phones work well with D-Link DIR series routers as long as they following configuration options are set. Below is a detailed guide to configuring the D-Link series router.

      1. Upgrade to the latest version of D-Link firmware for your router
      2. Click on the Advanced tab on the top navigation bar
      3. Click on Firewall Settings on the left-hand menu
      4. In the NAT Endpoint Filtering section, change the following:
        • Change UDP Endpoint Filtering to Endpoint Independent
        • Change TCP Endpoint Filtering to Endpoint Independent
      5. In the Application Level Gateway (ALG) Configuration section, change the following:
        • Uncheck the checkbox labeled SIP
        • Uncheck the checkbox labeled RTSP
      6. Save the configuration and reboot

       

      Read more
    • Required Configuration for Netgear ProSafe Routers

      Weave phones work well with Netgear ProSafe Routers. There is just one important setting to verify that the Netgear is configured correctly. Follow the guide below to configure the Netgear to allow Weave traffic to flow correctly.

      1. In the main menu, under Advanced, click WAN Setup
      2. Check the checkbox labeled Disable SIP ALG
      3. Click the Apply button
      netgear.jpg

       

      Read more
    See all 22 articles