Skip to main content

Router Configurations

All Router Configurations Articles
  • Configuration for Watchguard System Manager (WSI) Firewalls

    Note: We have had frequent issues with the Watchguard OS. This device is not one of our recommended network firewalls. 

    Use these resources to get started: 

    1. Traffic Shaping/QoS for VolP

    Recommended Configuration Changes

    • Add an explicit alias and firewall rule set (TO & FROM) for Weave with the IP Addresses or FQDN that we will provide during onboarding. Allow Any traffic from Weave IPs to ensure proper bidirectional communication
    • We highly recommend moving the Weave Firewall policy you created to the top of your Sequence policy order.
    • Set up Traffic Shaping/QoS (we use DSCP 26(SIP) & 46 (Real-Time Media)) to prioritize voice traffic
    • Configure Default Packet Handling settings and uncheck the following configurations
      • Block Port Space Probes or Block Port Scan
      • Block Address Space Probes or Block IP Scan
    • Configure Global Networking settings
      • System > Global Settings > Uncheck all SIX checkboxes in the ICMP Error Handling section
      • Uncheck the checkboxes labeled Enable TCP SYN Packed and connection state verification
      • Select No Adjustment for TCP Max segment size control
    • Finish setup with a File > Reboot to restart network devices with newly added settings/configurations
    Read more
  • Configuration for Sophos Firewalls

    Weave phones work well with Sophos firewalls. This guide details the necessary changes for Sophos firewalls. There are several important settings to verify that the Sophos is configured correctly.

    sophos.png

    Use these resources to get started: 

    1. VolP Implementation Guide
    2. Traffic Shaping/QoS for VolP

    Recommended Configuration Changes

    • Disable SIP ALG
    • Create a New Network Definition and Explicit Firewall rule with our Weave FQDN/IP Addresses that will be provided during onboarding
    • Go to Advanced Threat Protection and ensure you select our Weave IPs to ensure we can bidirectionally pass traffic without issue
    • Set up Traffic Shaping/QoS (we use DSCP 26(SIP) & 46 (Real-Time Media)) to prioritize voice traffic

     

    Read more
  • Configuration for Watchguard Fireware Web UI

    Note: We have had frequent issues with the Watchguard OS. This device is not one of our recommended network firewalls. 

    Use these resources to get started: 

    1. Traffic Shaping/QoS for VolP

    Recommended Configuration Changes

    • Add an explicit alias and firewall rule set (TO & FROM) for Weave with the IP Addresses or FQDN that we will provide during onboarding. Allow Any traffic from Weave IPs to ensure proper bidirectional communication
    • We highly recommend moving the Weave Firewall policy you created to the top of your Sequence policy order.
    • Set up Traffic Shaping/QoS (we use DSCP 26(SIP) & 46 (Real-Time Media)) to prioritize voice traffic
    • Configure Dangerous Activities settings and uncheck the following configurations
      • Block Port Space Probes or Block Port Scan
      • Block Address Space Probes or Block IP Scan
    • Configure Global Networking settings
      • System > Global Settings > Uncheck all SIX checkboxes in the ICMP Error Handling section
      • Uncheck the checkboxes labeled Enable TCP SYN Packed and connection state verification
      • Select No Adjustment for TCP Max segment size control
      Read more
    • Configuration for D-Link DIR Series

      Weave phones work well with D-Link DIR series routers as long as the following configuration options are set. 

      D-Link_wordmark.svg.png

      Recommended Configuration Changes

      • Ensure the latest firmware update is installed 
      • In the NAT Endpoint Filtering section, change the following:
        • Change UDP Endpoint Filtering to Endpoint Independent
        • Change TCP Endpoint Filtering to Endpoint Independent
      • In the Application Level Gateway (ALG) Configuration section, change the following:
        • Uncheck the checkbox labeled SIP
        • Uncheck the checkbox labeled RTSP
      Read more
    • Configuration for Netgear ProSafe Routers

      Weave phones work well with Netgear ProSafe Routers. Follow the guide below to configure the Netgear to allow Weave traffic to flow correctly.

      netgear_logo.png

      Traffic Shaping/QoS for VolP

      Go to Advanced > QoS Engine. This will bring up your QoS settings (bandwidth management). Here is our information needed to configure:

      Weave's FQDN: allow.us1.weavephone.net/

      If the router doesn't support FQDN, you will need to add all of these Weave IP Addresses to your router/firewall (A list).

      If you'd like to create rule sets based on specific ports, here are the ones we use:

      Signaling

      443 (TCP) - Weave Software and Phone Configuration/Provisioning

      5060/5061 (TCP/UDP) - SIP

      5222 (TCP/UDP) - SIP Signaling

      7000 (UDP/TCP - SIP Signaling

      RTP Ports

      16384-40000 (UDP) - Real Time Voice

      Recommended Configuration Changes

      • Ensure SIP ALG is disabled (Netgear Portal > Advanced > WAN Setup)

       

      Read more
    • Configuration for SonicWALL

      This guide details the configuration for SonicWALL routers. 

      sonicwall-vector-logo.png

      Use these resources to get started:

      1. VolP Implementation Guide
      2. Traffic Shaping/QoS for VolP

      Recommended Configuration Changes

      • Verify that WAN Interface is receiving a public IP Address
      • In the VolP Section > Settings > General Settings > Check the box for Enable Consistent NAT
      • Ensure the SonicWall has enough resources to perform Deep Packet Inspection if you are going to use it, or disable DPI for voice traffic
      • Disable SIP ALG
      • In the Security Service Section > Intrusion Prevention tab > uncheck the Prevent ALL checkbox for low priority attacks (known to cause voice quality issues)
      • You will need to build an Outbound firewall rule for Weave Traffic using our FQDN that will be provided during onboarding
      Read more
    See all 21 articles