VoIP phones and a recommendation to enable Consistent NAT


A client's new VoIP phone provider has made some recommendations to ensure good performance, including to enable Consistent NAT. I know that SonicWALL firewalls have that setting, but is there an equivalent for WatchGuard? The client has a T35 running 12.5.7 U3 Fireware.

They also recommended increasing UDP timeout to a minimum of 300 seconds. It was at the default of 30 seconds, so I used the CLI to bump the global UDP timeout to 360 seconds. I did it globally because I do not know how to apply it to a particular policy. If I understand correctly, the "Specify custom idle timeout" setting on a particular policy's Properties tab is only for the TCP timeout, correct?

Gregg Hill


  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi Greg,

    UDP timeout is a global setting, 300 seconds (5 minutes) is fine. As a network admin, I'd ask the VoIP provide why my phone needs to reply to a UDP stream that's older than 30 seconds, but they likely won't have an answer for you other than that's their "optimized config"

    The firewall won't allow you to increase the setting beyond 10 minutes total, so I'd suggest leaving it where you set it now and see if that causes any issues. Chances are unless you're running a huge network that could potentially overflow the connection tables that nothing will happen.

    -James Carson
    WatchGuard Customer Support

  • Thank you James!

    Gregg Hill

Sign In to comment.