
Traffic shaping policy for VoIP

Hi,

Need advice from somebody who knows VoIP well.

Our VoIP phones work fine as long as we allow all traffic through the firewall :(

We don't use any PBX server; the phones connect directly to the provider. SIP has been disabled as recommended by the provider. If I use the #Default_Network_Policy, a few phones lose connection with the provider. A view of the log (198.41.28.71 belongs to our VoIP provider):



Also, here is the VoIP firewall I was trying earlier to implement to set the highest priority for VoIP communications:

 

 

The highest voice quality codec used is G.711. Am I doing anything wrong? Can "individual" bandwidth usage type be used for IP addresses filtered by this FW rule? Or is it only for configured Users?

Tks



  • I've called Sophos support at least 4 times today and nobody knows how to deal with VoIP. They know what a VoIP phone is and that's it.

    If I ask "what's the best practice regarding firewall rules for VoIP?", they have no clue!

    Am I the only person using VoIP phones in this world? :O

     

     

  • Hi,

    I am a home user that has two VoIP services to two different providers, using very poor internet service (3.5m/660k).

    My firewall rule looks like this:

     

    Ian

  • My phones don't connect directly to a third-party provider (they connect to an internal PBX), but I do have a SIP trunk that comes from a SIP trunk provider (Twilio) that connects to a FreePBX server behind my Sophos. I just use a traffic shaping policy on my 2 firewall rules that allow calls in and out from/to my provider. That seems to work well enough for me.

    If I may ask, when you say that some phones lose connection, do you mean the phones actually deregister themselves from the provider, or do you drop the call a few minutes into the call? I'm guessing they deregister since you have traffic on port 443? (Usually the actual phone communication is SIP (UDP 5060/5061), but let me know.)

     

    -Scott

     

  • Scott_D_L said:

     

    If I may ask, when you say that some phones lose connection, do you mean the phones actually deregister themselves from the provider, or do you drop the call a few minutes into the call? I'm guessing they deregister since you have traffic on port 443? (Usually the actual phone communication is SIP (UDP 5060/5061), but let me know.)

     

    -Scott

     

    That is exactly what happens, they deregister themselves. Out of 25 phones, 3-4 phones were having this issue. I rebooted them and the phones displayed "Unable to connect to...". The funny thing is I could ping the phone provider IP from the phone menu. What I did is I connected these phones to a different firewall (Sonicwall) and a second ISP, and I was able to get them connected. I then connected them back behind the Sophos XG and they were able to register for 30-60 minutes. They then deregister again.

    I thought it could have been a Sophos DHCP issue since I expanded the scope prior to the issue, but the phones get their new IP, mask, DNS... and I am able to ping from them.

  • Ian

     

    Seems like you are using a softphone app to make your calls. You are adding a traffic shaping policy to an app... I do this for devices, which is a bit different.

  • Hi,

    No, both use SPA devices (112 and 3102) with real phones attached.

    Ian

  • rfcat_vk said:

    Hi,

    No, both use SPA devices (112 and 3102) with real phones attached.

    Ian

     

     

    Not sure then why you are using Application Control (VOIP). Can you explain please? :)

    Thanks

  • Because VoIP (protocol) is an application, not web access. You are not using the HTTP proxy to manage your phone access.

    Ian