Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 28 subscribers
  • Views 12923 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic shaping policy for VoIP

Speatech

Hi,

Need advice from somebody who knows well about VoIP.

Our VoIP phones works fine as long we allow all traffic through the firewall :(

We don't use any PBX server, the phones connect directly to the provider. SIP as been disabled as recommended by the provider. If I use the #Default_Network_Policy, a few phones loose connection with the provider. A view of the log (198.41.28.71 belongs to our VoIP provider.):


??

Also,here the VoIP firewall I was trying earlier to implement to set the highest priority for VoIP communications:

 

 

The highest voice quality codec used is G.711. Am I doing anything wrong? Can "individual" bandwidth usage type be used for IP addresses filtered by this FW rule? Or is it only for configured Users?

Tks



This thread was automatically locked due to age.
Parents
  • 0

    My phones don't connect directly to a third party provider(they connect to an internal pbx) but I do have a sip trunk that comes from a sip trunk provider (twilio) that connects  to a freepbx server behind my sophos.  I just use a traffic shaping policy on my 2 firewall rules that allows call  in and out  from/to my provider.  That seems to work well enough for me.

     

    If I may ask, when you say that some phones lose connection,  do you mean the phones actually deregister themselves from the provider or do you drop the call a few minutes into the call?  I'm guessing they deregister since you have traffic on port 443?(usually the actual phone communication is sip (udp 5060/5061), but let me know.

     

    -Scott

     

  • 0 in reply to Scott_D_L

    Scott_D_L said:

     

    If I may ask, when you say that some phones lose connection,  do you mean the phones actually deregister themselves from the provider or do you drop the call a few minutes into the call?  I'm guessing they deregister since you have traffic on port 443?(usually the actual phone communication is sip (udp 5060/5061), but let me know.

     

    -Scott

     

    That is exactly what happens, they deregister themselves. On 25 phones, 3-4 phones were having this issue. I rebooted them and the phones displayed "Unable to connect to...". The funny thing is I could ping the phone provider IP from the phone menu. What I did is I connected these phones to a different firewall (Sonicwall) and second ISP and I was able to get them connected. I then connected them back behind the Sophos XG and they were able to register for 30-60  minutes. They then deregister again

    I thought it could have been a Sophos DHCP issue since I expanded the scope prior to the issue but the phone get their new IP, Mask, DNS... and I am able to ping from them.

Reply
  • 0 in reply to Scott_D_L

    Scott_D_L said:

     

    If I may ask, when you say that some phones lose connection,  do you mean the phones actually deregister themselves from the provider or do you drop the call a few minutes into the call?  I'm guessing they deregister since you have traffic on port 443?(usually the actual phone communication is sip (udp 5060/5061), but let me know.

     

    -Scott

     

    That is exactly what happens, they deregister themselves. On 25 phones, 3-4 phones were having this issue. I rebooted them and the phones displayed "Unable to connect to...". The funny thing is I could ping the phone provider IP from the phone menu. What I did is I connected these phones to a different firewall (Sonicwall) and second ISP and I was able to get them connected. I then connected them back behind the Sophos XG and they were able to register for 30-60  minutes. They then deregister again

    I thought it could have been a Sophos DHCP issue since I expanded the scope prior to the issue but the phone get their new IP, Mask, DNS... and I am able to ping from them.

Children
No Data