Cato Networks is a certified connectivity partner of RingCentral, a leading provider of unified communications as a service (UCaaS). RingCentral has performed extensive testing that demonstrates Cato’s ability to provide excellent call quality even during poor network conditions with up to 15% packet loss.
If you’re a current or prospective RingCentral customer, this article will guide you through the Cato configuration necessary to get the best performance out of your RingCentral product.
-
Verify that SIP ALG is disabled for the account or specific sites.
-
Enabled Preferred IP for SIP traffic for the account or specific site.
-
Verify that the security policies do not block RingCentral traffic.
-
Configuring the BW Management to give the correct priority for RingCentral traffic.
-
Configure a network rule for RingCentral traffic.
SIP ALG is disabled by default. Verify that it is still disabled.
To verify that SIP ALG is disabled:
-
Go to the Advanced Configuration section for the entire account or the site:
-
For the account: Resources > Advanced Configuration
-
For the site: In Network > Sites click the site and go to Site Configuration > Advanced Configuration
-
-
Click the SIP ALG line and verify that it is disabled. If it is not disabled, click the toggle to disable it. (The toggle is green when enabled).
-
The value of the Value field should be OFF.
-
Click Apply.
SIP ALG is disabled for the account or site.
If you have an egress network rule for VoIP or SIP traffic, sometimes RingCentral has problems if the IP address changes. When the Preferred IP for SIP Traffic feature is enabled, VoIP and SIP traffic always uses the same egress IP address.
To enable Preferred IP for SIP Traffic:
-
Go to the Advanced Configuration section for the entire account or the site:
-
For the account: Resources > Advanced Configuration
-
For the site: In Network > Sites click the site and go to Site Configuration > Advanced Configuration
-
-
Locate the Preferred IP for SIP Traffic line and enable the setting (The toggle is green when enabled).
-
The value of the Value field should be On.
-
Click Apply.
Make sure that the Internet Firewall and URL Filtering policy do not block RingCentral traffic.
By default, the Internet Firewall will not block any RingCentral traffic. However, if you have created a more restrictive Internet Firewall policy, you may need to create a rule to allow RingCentral traffic.
To create an Internet firewall rule to allow RingCentral traffic:
-
In the navigation menu, go to Security > Internet Firewall.
-
Click New > New Rule.
-
In the general section, give your rule a name and description, and select the appropriate Position of the rule. The rule should be placed before any rules that might block RingCentral traffic.
-
In the App/Category section, select Application and enter RingCentral.
-
In the Actions section, select the action Allow.
-
Click Save.
The Rule is created allowing RingCentral traffic.
By default, the Internet Firewall policy will not block traffic to any RingCentral domains. However, if you have configured a more restrictive policy, such as blocking all URL categories and allowing only certain domains, you will need to create a rule to allow RingCentral domains.
First you will create a Custom App containing the domains, then you will create an Internet Firewall rule using the Custom App.
To create a Custom App for RingCentral Domains:
-
In the Cato Management Application, go to Resources > Custom Apps and click New.
-
Enter a Name and a Description for the Application.
-
In the Rules section, click New.
-
In the Domains section, select Domains and enter the required RingCentral domains one at a time. You can view the RingCentral domains on the RingCentral support site.
-
Click Apply on the Rule page, and then Apply on the Custom App page.
-
Click Save on the Custom Apps window to save the policy.
To create an Internet Firewall Rule to allow RingCentral Domains:
-
In the Cato Management Application, go to Security > Internet Firewall.
-
Click New > New Rule.
-
In the general section, give your rule a name and description, and select First as the Position of the rule.
-
In the App/Category section, select Custom Application and enter the name of the Custom Application you just created.
-
In the Actions section, select the action Allow.
-
Click Save.
The Rule is created allowing RingCentral domains.
RingCentral should be assigned the lowest BW Management priority to ensure optimal voice quality even during link congestion. By default, all voice and video traffic over the Internet is assigned the lowest predefined priority, P10, by the “Internet Voice & Video - Predefined” policy under Network > Network Rules in the Cato Management Application. Therefore, without any rule modification, RingCentral traffic will be given the same precedence as other voice traffic.
If you’d like to prioritize RingCentral traffic over all other voice traffic, create a lower priority under Network > Bandwidth Management. You’ll use this priority when setting up a Network Rule in the next step.
To configure a BW Management Priority for RingCentral:
-
From the navigation pane, go to Network > BW Management.
-
Click New.
-
Define the Priority as any number less than 10.
-
Click Apply.
-
Click Save.
Create a network rule for RingCentral traffic to assign a custom BW priority, set the NAT IP, and enable Packet Loss Mitigation. The NAT IP address is also the egress IP address for a specific Cato PoP. We recommend that you select the Cato PoP that is physically closest to a RingCentral PoP, and lets you take advantage of the RingCentral tier 1 backbone.
Setting the NAT IP in the network rule ensures that both SIP (used for call setup) and RTP streams (voice data) share the same NAT IP. Phone calls will not work if the RTP stream uses a different NAT IP than the SIP stream.
Enabling Packet Loss Mitigation will prevent call quality from degrading with up to 15% packet loss on the WAN link.
Prerequisites
You will need at least one allocated IP to complete the configuration for the network rule. If you do not have any allocated IPs, you can create one under Network > IP Allocation in the Cato Management Application. See this article for more information.
To configure a network rule:
-
In the Cato Management Application, go to Network > Network Rules.
-
Click New > New Rule.
-
Enter the Name and specify the type as Internet.
-
Select a low Rule Order to make sure this rule is checked before any other potentially conflicting rules.
-
In the App/Category section, add the Application RingCentral and the Custom Application you created.
-
In the Configuration section, under Bandwidth Management, select the Bandwidth Priority you defined above and enable Packet Loss Mitigation.
-
In the Configuration > Routing Method > Route/NAT field, select NAT and enter a single or multiple egress IPs. We recommend that you select the Cato PoP that is physically closest to a RingCentral server.
-
Click Apply and then Save the rule.
2 comments
Once group level DHCP/DNS/SUFFIX is created and member is assigned(socket site), would i need to do anything on the socket level to ensure that particular socket when DHCP is being lease out the options are included? Or creating the group level is sufficient and all will take effect once i assigned the required DHCP range at the socket level
Hello Chris,
The configuration of the smaller group overrides the larger group.
For more about DHCP, see https://support.catonetworks.com/hc/en-us/articles/360006091117-Best-Practices-for-DHCP .
For more about DNS, see https://support.catonetworks.com/hc/en-us/articles/360006091097-Best-Practices-for-DNS .
Please sign in to leave a comment.