Need extra help installing your Ooma Hub or Telo system? Let us know.
#30056 by sleepmassa
Fri Oct 30, 2009 12:20 am
I hooked up my new Ooma Telo behind my router.
Everything worked except me being able to hear other party. They could hear me.
I had my vonage hooked up in same way and it was working.
After i enabled (on my router) "consistent nat" it worked perfectly.

I would rather not have consistent nat enabled. Are there certain ports i can open up and get this to work in another way?
I saw in my router logs that the public ip address of ooma was trying to connect through my wan port via udp 3480 and udp 1303 and was getting dropped. I tried to open these ports to no avail.

For the record what ports does Ooma use for outgoing and incoming?
Do i need to route certain packets to my Ooma telo?
#30118 by Dante R
Fri Oct 30, 2009 10:38 am
Service Ports

ooma uses the following application ports for outbound data and voice traffic:
UDP 53, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480, UDP 10000-20000, TCP 53 and TCP 443.
#50358 by noxid8
Sat Mar 13, 2010 3:53 pm
Did you get this going without consistent NAT? I have a SonicWall also and only can get it to work by enabling consistent NAT. I tried setting up NAT policy for the ooma device to use UDP 53, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480, UDP 10000-20000, TCP 53 and TCP 443. Even with those ports mapped to the ooma I still can't hear anyone unless I turn consistent NAT back on.
#50377 by sfhub
Sat Mar 13, 2010 10:46 pm
Consistent NAT deals with the way your SonicWall router *changes* the *source* port used by Ooma during the NAT process of converting internal IP to external IP. It isn't dealing with a firewall issue of opening ports. It is dealing with a NAT issue of port translation so opening ports will not help.

If you don't have it enabled, SonicWall will constantly change the source port used by an Ooma request, even if the source port hasn't changed. This probably breaks some part of Ooma communication process.

I doubt you will get it working without Consistent NAT unless there are changes made by Ooma (assuming it is possible to avoid the problem) to allow it to work.

What is your concern with leaving Consistent NAT turned on?
#50437 by noxid8
Sun Mar 14, 2010 3:40 pm
Using consistent NAT causes a slight decrease in security. Most UDP-based applications are compatible with traditional NAT and don't need consistent NAT so hopefully ooma can fix it in the future. I hope they fix the need to press one to receive a forwarded calls first though :-).

#50543 by ifican
Mon Mar 15, 2010 5:26 pm
Consistent NAT is not a security risk, other then someone telling you it is. Have this someone give you a technical reason why consistent NAT is a security risk and why you should'nt use it.
#110750 by KCOtreau
Sat Jun 08, 2013 6:55 am
I wanted to post about getting an Ooma device working behind a SonicWall since I know some people have had some problems. Frankly, I never see the Standard OS anymore, so this is for the Enhanced OS.

I have been using SonicWalls for all my customers since about 1998, so I have a lot of experience with them. Recently, my personal TZ190’s WAN port died. I reconfigured it to temporarily use the OPT port, but I was not sure I could trust it anymore, so I picked up a new Pro 2040 on eBay (cheap, YEAH!). I configured it, but my Ooma flashed red.

You can probably skip this step for now, but I will include it just in case the next NAT Policy step is not enough, or you are very particular as I am. I have always had my Ooma set to a static IP on my network, so I created a custom host “Address Object” called Ooma_Phone (Network>Address Objects>Custom Address Objects>Add). This is probably not strictly necessary, but due to the specifics of my network, I created a LAN>WAN rule specifically allowing the source I just created, Ooma_Phone, a destination of “any” with a service of “any” (Firewall>Access Rules>All Rules>Add). At this point, it still flashes red, so if the step below does not work, then I would come back and make sure I did this too.

The key to making the Ooma work is to create this custom NAT Policy (Network>NAT Policies>Custom Policy>Add): Original Source “Any”, Translated Source “WAN Primary IP”, Original Destination “Any”, Translated Destination “Original”, Original Service “Any”, Translated Service “Original”, Interface Inbound “LAN” (or “X0” for some), Interface Outbound “WAN” (or “X1” for some). Check “Enable NAT Policy”. You should be flashing blue now. This is the key, and I did not have to open ANY ports coming into my network (i.e., no WAN>LAN Access Rules). This only allows connections allowed out to find their way back in.

Although I have a new Ooma Telo sitting in a box, I am still using my Ooma Hub. I don’t believe it will make a difference, but I will post back if I need to make any changes when I go to the Telo.

Good luck,

Kevin Cotreau

Who is online

Users browsing this forum: No registered users and 5 guests