Objective

Applies To

• Netgate pfSense Firewall

Procedure

The purpose of this article is to provide a sample configuration. At the time of article creation, this device was in a known working state on the firmware used.  Keep in mind different firmware versions will interact with hosted VoIP services in different ways. While this device may be fully functional on the tested and/or current firmware version, it is possible newer revisions will cause disruptions in service or make a device fully compliant with the required settings for hosted VoIP services where it was previously not.

Administrative Information

1. In a browser on a computer on the same network as the pfSense firewall, navigate to your pfSense IP address you have assigned to it.
2. Log in (default credentials shown below).
   • Username: admin
   • Password: pfsense

• Fimware version 2.4.3 and later

Set Conservative state table optimization

1. Go to System > Advanced
2. Click Firewall & NAT
3. Set ‘Firewall Optimization Options’ to Conservative
   
   
4. Under the ‘State Timeouts’ section set ‘UDP First, Single, and Multiple’ to 660
   
   

Set up Outbound NAT

1. Go to Firewall > NAT
2. Click Outbound
3. Set ‘Outbound Nat Mode’ to Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)
   

Add 8x8 Subnets

1. Go to Firewall > Rules
2. Click LAN
     
   
3. Click Add
   
   
4. Add each 8x8 subnet one at a time. One example shown.
   
   
5. Add each 8x8 ports one at a time.                                                                  
   

Set up Traffic Shaping

1. Go to Firewall > Traffic Shaper.
2. Click Wizards.
3. Click Multiple Lan/Wan.
   
   
4. Enter the number of Wan type connections and LAN type interfaces.
   
   
5. Select HFSC for ‘Interface & Scheduler.’
6. Make sure your Upload and Download speed is set correctly, if you have an internet connection established on your pfSense, it should be set automatically. Enter your interface WAN#1 upload and download speed. (Screenshot below is an example, every network will have different up/down speed, we highly recommend working with your IT department or system administrator for the correct up/down speed for your network.)
   
7. Click Next.
8. Under the ‘Voice over IP’ section Enable Prioritize Voice over IP traffic.
9. The next Step really depends on how many users you have on your network. In this example, the network is highly unlikely that more than 5 people will have a phone call at the same time. In this step we are going to set bandwidth we want to reserve for our VOIP traffic, in this example we set the ‘Connection for WAN#1 and LAN#1’ limits to 1Mbit/s Up/Down.
   As a rule of thumb you can assume the following traffic rules:

10. Click Next.
11. The next steps are unique to each network, make sure you go through each section and check anything that pertains to your network until the get to the end of the Wizard.
12. Confirm the wizard has created the proper queues for your network by navigating back to Firewall > Traffic Shaper.
13. Click By Interface.
14. In this section, you can modify or adjust the queues that were created by the Wizard. Note, this is the fastest and easiest way of creating the Traffic Shaping rules, there are multiple ways of creating these queues. You can find more information on creating these rules by visiting the pfSense website and forums.