Sonic Wall Configuration Guide


SonicWall's IPS service has been known to block VoIP traffic because it can be confused with a DDoS attack. If you encounter issues, consider lowering the protection level from high to resolve them.

1. Disable SIP ALG:

For SonicOS 7.X

  1. Navigate to Network | VOIP | Settings 
  2. Enable Consistent NAT
  3. Disable the option Enable SIP Transformations


    Notes
    Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair. 

  4. Navigate to Policy | Access Rules and edit the LAN to WAN access rule (the source zone here is LAN; select the zone in which your phones are located). Change the UDP timeout from the default 30 seconds to 120 seconds.

For SonicOS 6.5

  1. Navigate to MANAGE | VoIP
  2. Click on VoIP

  3. Select the Enable consistent NAT check box.

    Notes
    Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.  

  4. Clear the Enable SIP Transformations check box.

    Optionally, change the UDP timeout on the LAN to WAN access rule.


  5. Navigate to Manage | Rules | Access Rules and edit the LAN to WAN access rule (the source zone here is LAN; select the zone in which your phones are located). Change the UDP timeout from the default 30 seconds to 120 seconds.

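Why the UDP timeout matters, as an added example (not SonicWall or Tele Express code): a simplified model of one idle phone behind the firewall, showing when its UDP connection entry has aged out between the phone's outbound refreshes. The phone names and refresh intervals are constructed assumptions; the guide does not state the phones' registration or keepalive interval.

```python
"""Simplified model: UDP idle timeout vs. a phone's outbound refresh interval."""

# Constructed sample data: seconds between outbound SIP packets (REGISTER or
# keepalive) for each idle phone. These intervals are assumptions, not values
# from the guide; read the real ones from your phone or provider settings.
PHONES = {"desk-a": 25, "desk-b": 60, "softphone": 90, "lobby": 300}


def unreachable_windows(udp_timeout, refresh_interval, duration):
    """Return (start, end) spans in seconds with no live UDP entry.

    The idle phone sends a packet at t=0 and every refresh_interval seconds.
    Each packet creates or refreshes the firewall's UDP entry, which ages out
    udp_timeout seconds after the last packet. Inbound traffic arriving in a
    returned span has no existing entry to match.
    """
    windows = []
    t = 0
    while t < duration:
        expires = t + udp_timeout
        next_refresh = t + refresh_interval
        end = min(next_refresh, duration)
        if expires < end:
            windows.append((expires, end))
        t = next_refresh
    return windows


def unreachable_fraction(udp_timeout, refresh_interval, duration=3600):
    """Share of the observation period spent without a live entry."""
    gaps = unreachable_windows(udp_timeout, refresh_interval, duration)
    return sum(end - start for start, end in gaps) / duration


def at_risk(udp_timeout, phones=PHONES):
    """Names of phones whose refresh interval exceeds the UDP timeout."""
    return [name for name, interval in phones.items()
            if unreachable_windows(udp_timeout, interval, 3600)]


if __name__ == "__main__":
    for timeout in (30, 120):  # default and recommended values from the guide
        print(f"UDP timeout {timeout}s, at risk: {at_risk(timeout)}")
        for name, interval in PHONES.items():
            share = unreachable_fraction(timeout, interval)
            print(f"  {name}: refresh {interval}s, no entry {share:.0%} of the time")
```

In this model the 120-second timeout covers phones that refresh every 60 or 90 seconds, but a phone that only refreshes every 300 seconds still spends most of each cycle without an entry, so confirm the phones' interval is shorter than the timeout you set.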

2. Enable WAN BWM (Bandwidth Management)

For SonicOS 7.X

  1. Navigate to Network | System | Interfaces and, on the right side of the screen, open the configure menu for the desired WAN interface.


  2. Navigate to the Advanced tab and enable both the Ingress and Egress Bandwidth Limitation checkboxes.


  3. Input the Ingress and Egress Speeds of your WAN in Kbps. If you're unsure of these values, contact your ISP.
  4. Click OK.

3. Enable BWM on WAN

Click the configure pencil located next to your primary WAN connection.

Under the bandwidth management section, enable both Egress and Ingress. Egress is the upload speed of your internet connection. Ingress is the download speed. Best practice is to run a speed test before setting these options. The example below shows a 100MBPS download and 35MBPS upload speed connection.


4. Create LAN > WAN Firewall Rule to Allow and Prioritize Traffic





You are going to create a rule that allows all traffic to our servers, as seen in the screenshots below. Under the destination submenu, click "create new network" to add our servers. You will build this rule three times: two rules using our NJ servers' FQDNs, core2-nj.syntelsolutions.com and core-nj.syntelsolutions.com, and a third rule using our FL server, core-fl.syntelsolutions.com.



Then, under the QoS tab, change DSCP to "Explicit".



Under the BWM tab, enable both Egress and Ingress, then use the drop-down to create a new bandwidth object. You will use this object for both the inbound and outbound firewall rules, as you will see later. The best rule of thumb is to guarantee about 25% of the bandwidth to the phones and to allow 100% if needed. This way phone calls always have priority but do not use the entire connection when not in use.



5. Create Similar Rule from WAN > LAN


Here you will build rules similar to the LAN > WAN rules. The only difference is that the "Source" is changed to the Tele Express servers and the other options are set to "any". This creates a rule under which traffic from our servers ONLY is allowed and prioritized.



Be sure to set the QoS and BWM tabs the same as in the previous rules.

Congrats!  You've successfully configured your firewall for the Tele Express Telephone service. 



