Zultys with Firebox Integration Guide

Deployment Overview

Zultys MXvirtual is a fully integrated unified communication solution and IP phone system in a VMware®-Ready virtual appliance. This document describes the steps to connect your software phones behind a WatchGuard Firebox® to Zultys MXvirtual.

Platform and Software

The hardware and software used to complete the steps outlined in this document include:

  • Zultys VoIP System:
    • Zultys MXVirtual v14.0.6
    • Zultys Mobile v8.1.36
  • WatchGuard Firebox:
    • Firebox with Fireware v12.3 or higher

Test Topology

This diagram shows the test topology for this configuration. With Zultys MXVirtual in the cloud configured with dual WAN connections, on-premises phones can use either WAN to connect through the Firebox.

[Diagram: Zultys and Firebox topology]

Configure Interfaces

To enable the dual WAN to connect to Zultys, configure two interfaces on the Firebox to allow external traffic and an internal interface to receive phone traffic.

To edit an interface, from Fireware Web UI:

  1. Select Network > Interfaces.
  2. Select an interface and click Edit.
    The Interfaces / Edit page appears.
  3. In the Interface Name (Alias) text box, you can use the default name or change it to one that more closely reflects your own network and its own trust relationships.
    Make sure the name is unique among interface names, as well as all Mobile VPN group names and tunnel names. You can use this alias with other features, such as proxy policies, to manage network traffic for this interface.
  4. (Optional) In the Interface Description text box, type a description of the interface.
  5. From the Interface Type drop-down list, select External.
  6. In the IPv4 tab:
    1. Select Configuration Mode as Static IP.
    2. Type the IP Address and Gateway.
  7. Click Save.
  8. Repeat the configuration steps for a second external interface.
  9. Select an interface to configure as an internal interface. Direct your phone traffic through a router or WatchGuard Access Point connected to this interface.

Configure the Failover Multi-WAN Method

To configure Multi-WAN Failover:

  1. Select Network > Multi-WAN.
  2. In the Multi-WAN Mode drop-down list, select Failover.

  3. Select an interface in the list and click Move Up or Move Down to set the order.
  4. Click Save.

Add a Policy

To add a firewall policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
    The Policies page appears.
  2. Click Add Policy.
  3. Select a policy type as Packet Filter.
  4. From the adjacent drop-down list, select TCP-UDP as the policy template.
  5. Click Add Policy.
    The Add Policy page appears.
  6. Type the Name of the policy and select Enable.
  7. Below the From section, click Add and add Any-External and Any-Optional.
  8. Below the To section, click Add and add Any-External and Any-Optional.
  9. In the Logging section, select Send a log message.
  10. Keep all other settings at their default value.
  11. Click Save.

If you have other TCP-UDP related policies, review them to avoid conflicts with this policy. You may need to move this policy higher in the order to make policy enforcement more efficient.

Review Blocked Ports

Zultys MXVirtual uses these ports. Review your Firebox configuration to make sure they are not blocked. By default, port 7100 is blocked and must be unblocked.

  • port 5060
  • ports 7100 - 7156
  • port 7505
  • port 7778
  • port 8080
  • ports 21000-23999

To review blocked ports and unblock them:

  1. Select Firewall > Blocked Ports.
    The Blocked Ports page appears.
  2. Select the ports to unblock and click Remove.
  3. Click Save.

(Optional) Configure SD-WAN

To configure SD-WAN:

  1. Select Network > SD-WAN.
  2. Click Add SD-WAN.

    The SD-WAN / Add page appears.

  3. In the Name text box, type a name for the SD-WAN action.
  4. In the Description text box, type a description for the SD-WAN action.
  5. Click Add.

    The Add SD-WAN Interface dialog box appears.
  6. Select one or more interfaces to include in the SD-WAN action.

  7. Click OK.

    The Add page appears.

  8. To use metrics to determine when an interface fails over or fails back:
    1. Select one or more measurements (Loss Rate, Latency, or Jitter).
    2. Specify a value for the measurements you selected.

      By default, failover occurs if values for any selected measurements are exceeded.
    3. To fail over only if values for all selected measurements are exceeded, select that option.
  9. To use the up/down status of an interface to determine when an interface fails over or fails back, do not select any measurements.
  10. In the Failback for Active Connections drop-down list, select No failback, Immediate failback, or Gradual failback.

Configure Zultys MXVirtual

Before you begin, make sure that users have been added and the MX Administrator is already installed.

  1. In the MXVirtual server configuration, set the IP address for Zultys. In the example, we gave the server a public IP address. You can use a private IP address but you must verify that traffic from the Firebox can reach it.
  2. Log in to MX Administrator as an administrator.
  3. Select Provision > System Settings.
  4. Select Company and provide your company information. Make sure to type your IP address in the Default domain text box.
  5. Select Servers. Add a DNS server.
  6. Click Apply.
  7. Select Provision > SBC.
  8. On the Networks tab, set the port from 21000 to 24999.
  9. In the blank space at the bottom of the list of Networks, right click and select Add a new network.
  10. Add your MXVirtual server information:
    1. Enable Port Mapping.
    2. In Public IP, type the MXVirtual IP address and subnet mask.
    3. Make sure the Port Range is set to 21000 - 24999.
  11. Select the RTP Mapping tab, and select all of the check boxes.
  12. Click Apply.
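
The port list under Review Blocked Ports and the SBC port range set in the steps above can be cross-checked with a short script before testing. This is an added example, not WatchGuard or Zultys code; the function names are illustrative, and the blocked-port sample is constructed (only port 7100 is taken from this guide).

```python
import re

# Ports this guide lists under "Review Blocked Ports".
ZULTYS_PORTS = ["5060", "7100 - 7156", "7505", "7778", "8080", "21000-23999"]
SBC_RANGE = "21000 - 24999"  # range this guide sets on the SBC Networks tab
# Constructed sample of a Blocked Ports list; only 7100 comes from this guide.
SAMPLE_BLOCKED = ["7100", "6000-6005"]

def parse(spec):
    """Turn '5060' or '7100 - 7156' into an inclusive (low, high) tuple."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", spec)
    low, high = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (1, 0)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return low, high

def merge(ranges):
    """Sort and merge overlapping or adjacent inclusive ranges."""
    merged = []
    for low, high in sorted(ranges):
        if merged and low <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], high))
        else:
            merged.append((low, high))
    return merged

def overlaps(required, blocked):
    """Parts of the required ranges that the blocked list still covers."""
    return [(max(rl, bl), min(rh, bh))
            for rl, rh in merge(required) for bl, bh in merge(blocked)
            if bl <= rh and rl <= bh]

def uncovered(target, allowed):
    """Parts of one target range that no allowed range covers."""
    gaps, cursor = [], target[0]
    for low, high in merge(allowed):
        if high < cursor or low > target[1]:
            continue
        if low > cursor:
            gaps.append((cursor, low - 1))
        cursor = high + 1
    if cursor <= target[1]:
        gaps.append((cursor, target[1]))
    return gaps

if __name__ == "__main__":
    required = [parse(s) for s in ZULTYS_PORTS]
    print("required but blocked:", overlaps(required, [parse(s) for s in SAMPLE_BLOCKED]))
    print("SBC ports missing from the list:", uncovered(parse(SBC_RANGE), required))
```

With the values in this guide, the script reports port 7100 as required but blocked, and ports 24000-24999 as inside the SBC range but absent from the port list under Review Blocked Ports.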

Test the Integration

When successful, software phones located behind the Firebox connect to the Zultys server and calls are completed.

  1. Connect your phones to a router or WatchGuard Access Point. The router or Access Point must be connected to the Firebox Optional interface.
  2. Log in on a software phone. Your server address is your MXVirtual IP address.
  3. Select an available user and make the call. The call should complete normally.

To validate the dual WAN from the Fireware Web UI:

  1. Select Network > Interfaces.
  2. Disable one of the external interfaces.
  3. Make sure you can complete a call.
  4. Enable the disabled interface and change it back to External.
  5. Disable the other external interface.
  6. Wait a few seconds, then make another call.
  7. Enable the disabled interface and change it back to External.

(Optional) To validate SD-WAN, add interference factors to your primary network to cause a failover. Navigate to System Status > SD-WAN status to monitor the status. The bold interface is the current interface.
