The problem is usually one-way communication routed through a trunk, or another related issue. To solve it, follow these general rules:
1. Set the UDP timeout to 90 sec or more.
2. Do not use SIP transformations (VoIP section), and modify the NAT behaviour.
3. Forward all the necessary ports to PBX in LAN.
1. Click on Firewall Settings
2. Click on Advanced
3. Modify the field “Default UDP Connections Timeout (seconds)”.
4. Click on Firewall
5. Click on “Access Rules”, then LAN>WAN, then Edit.
6. Modify the field “Default UDP Connections Timeout (seconds)” in the rule LAN->WAN.
7. Click on VoIP, then Settings.
8. Check the flag “Enable Consistent NAT” and uncheck the flag “Enable SIP Transformations”.
Asterisk uses UDP for SIP. UDP is connectionless, so the association between the two ports (5060-14001) is kept for a certain time, because there is no way to know whether the connection has ended. For this reason the association is maintained until a timeout expires: the default on the Sonicwall is 30 s, less than the Asterisk default SIP registration refresh period of 60 seconds! We increased this value to more than the registration refresh period (90 s).
Note: It is possible to change the Asterisk registration refresh period too, but I prefer this solution (changing the configuration of the Sonicwall).
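The timing argument above, as an added example (not from the original post): a small Python model of an idle trunk behind a firewall whose UDP binding expires after a given idle timeout. The function name, the constructed INVITE times and the rule that any packet on a live binding resets the idle timer are assumptions made for the illustration.

```python
# Added illustration: minimal model of a firewall UDP NAT binding.
# Assumptions: the trunk is idle apart from REGISTER refreshes, and any
# packet crossing a live binding resets its idle timer.

def simulate(udp_timeout, refresh_period, invite_times, duration=180):
    """Return (delivered, dropped): inbound INVITE times in seconds."""
    # Outbound REGISTER refreshes sent by the PBX at t = 0, refresh, 2*refresh...
    events = [(t, "REGISTER") for t in range(0, duration + 1, refresh_period)]
    # Inbound INVITEs sent by the provider (constructed sample times).
    events += [(t, "INVITE") for t in invite_times]
    # Process in time order; on a tie the outbound REGISTER goes first.
    events.sort(key=lambda e: (e[0], e[1] != "REGISTER"))

    binding_expires = None          # no binding before the first REGISTER
    delivered, dropped = [], []
    for t, kind in events:
        alive = binding_expires is not None and t < binding_expires
        if kind == "REGISTER":
            # Outbound traffic always creates or refreshes the binding.
            binding_expires = t + udp_timeout
        elif alive:
            # Inbound packet matches the live binding and reaches the PBX.
            binding_expires = t + udp_timeout
            delivered.append(t)
        else:
            # Binding expired: the firewall has no mapping for this packet.
            dropped.append(t)
    return delivered, dropped


if __name__ == "__main__":
    calls = [10, 45, 70, 100, 130]  # constructed inbound call times (s)
    for timeout in (30, 90):        # default timeout vs. the value set above
        ok, lost = simulate(timeout, 60, calls)
        print(f"UDP timeout {timeout}s: delivered={ok} dropped={lost}")
```

With the 30 s timeout the calls arriving more than 30 s after the last packet are dropped; with 90 s the binding never expires between 60 s refreshes.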
More often than not these changes are sufficient. In the unfortunate cases where they are not, you need to forward all the ports used by the SIP communication flow directly from the WAN to the PBX.
Next we will redirect all the necessary ports to the PBX (5060/UDP and the range from 10000/UDP to 20000/UDP).
Firewall -> Service Objects
Create two new Custom Service Objects: PbxSipSegn & PbxSipStreamVoce.
Create one new Custom Address Object using the LAN IP of the PBX (in my case 172.18.49.200).
After creating the necessary objects, change the firewall rules: add a new rule WAN->LAN.
The last step: we have to create the NAT policy.
externip = <External IP address>
localnet = <Network address of the LAN network/Subnet Mask>
In the trunk configuration you must add the following parameter:
nat = yes