Multiple WAN/Status Down

So I have configured my XG in what I think is the correct manner, but am having a persistent issue because of it.

Overview:

The phone system vendor that we work with was having bandwidth issues.  We share a modem that is handling addresses from a static block.  The XG is sitting on one address and the Phone on another.  During high traffic periods the XG would eat the entire pipe and crush the VoIP to the point where it would no longer be able to maintain communications.  They (phone vendor) wanted us to put the phones behind the XG.

Deployment:

The internal network interface (x1) in the LAN zone. x.x.123.1/24

The external network interface (x2) in the WAN zone. x.x.x.68/29

I created a new internal network interface (x3) in a new VoIP zone. x.x.10.1/24

I created a new external network interface (x4) in the WAN zone. x.x.x.69/29

I then created traffic shaping policies such that x3-x4 has a minimum pipe.

I finished with my firewall rules so that traffic is passing out of VoIP to the WAN (x4) and all the needed inbounds are passing through.

Issues:

The Interfaces keep showing the x4 as offline/online/offline/online.  And every time it does, it emails.  But it's still passing traffic.  I extended the timeout of the fail-over to the maximum to keep the noise down, but that's not a solution.

Questions:

Is the above configuration the optimal configuration?

How do I keep the WAN interface from flipping out?

Should I be doing this differently?



  • Hi,

    Show us a picture of the configuration of the WAN Link Manager settings for individual ISP gateways.

    Thanks

  • Jon,

    why do you have the same Gateway configured on 2 network interfaces?

  • Hi Jon,

    Any specific reason why the same ISP gateway is configured on two separate interfaces? As I calculated your subnet, I believe you are trying to add an additional address provided by the ISP. If that is your requirement, configure an alias on the WAN interface. You can find the KB for this requirement here.

    Thanks

  • That's what I was looking for.  Thank you.

  • OK. So I tried applying the Alias as recommended in the listed KB document, but it unfortunately broke the traffic flow. As it is currently configured, with the two ports with a common gateway, while it is throwing errors out, it is successfully passing the required traffic to the address of the VoIP system. However, when I set the Alias and re-pointed all my Business Application rules to the correct #2:0 Alias, the device could no longer make the connection to the SIP provider. It could see the internet, ping outside resources. But there was no VoIP traffic passing through to the device.
  • Hi JonMiley,

    Please confirm and answer:

    1> You now have two IP addresses of the same subnet on a single interface (one as interface IP and another as alias bonded to the same interface)?

    2> The VoIP server is out on the WAN and only the VoIP phones are inside the network, or your VoIP server and the phones are all inside?

    3> You hear the ring but no voice thereafter? Or what is the error on the phone display panel?

    4> Please share the result of the below command for the SIP entry:

    console> system system_modules show 

    Ravi
  • OK, so first I want to thank all of you for contributing to this issue I am having.

    I have now managed to successfully restore traffic flow.

    - I have restored the Alias so that both desired IPs are assigned to the #2 interface. (#2 x.x.x.67, #2:0 x.x.x.68)

    - There is a SINGLE gateway configured (x.x.x.70)

    - The VoIP server is inside the network on a dedicated port (#3) on a dedicated Zone

    - The VoIP Phones are below the VoIP server on a dedicated wired infrastructure

    The issue with the traffic not flowing appears to have been in the pre-Sophos configuration.  There is a modem and a switch ahead of the Sophos and while I had rebooted the modem, I had not rebooted the switch.  Some pretty basic networking 101 stuff right there, but I missed it.  After configuring the Alias, repointing the Business application rules and rebooting the entire wall it now functions as desired.
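
The condition the replies point out (one ISP gateway configured on two WAN ports in the same subnet) can be checked mechanically before a change goes live. The following is an added example, not part of the original thread and not a Sophos tool; the inventory format, function name, and the 203.0.113.x / 192.168.x addresses are constructed stand-ins for the masked values in the posts.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory mirroring the first post's layout. 203.0.113.64/29 is a
# documentation range standing in for the masked x.x.x.N/29 block.
INTERFACES = [
    {"name": "x1", "zone": "LAN",  "cidr": "192.168.123.1/24", "gateway": None},
    {"name": "x2", "zone": "WAN",  "cidr": "203.0.113.68/29",  "gateway": "203.0.113.70"},
    {"name": "x3", "zone": "VoIP", "cidr": "192.168.10.1/24",  "gateway": None},
    {"name": "x4", "zone": "WAN",  "cidr": "203.0.113.69/29",  "gateway": "203.0.113.70"},
]

def find_shared_gateway_conflicts(interfaces):
    """Flag WAN ports that sit in one subnet behind one gateway."""
    groups = defaultdict(list)
    for itf in interfaces:
        if itf["zone"] != "WAN" or not itf["gateway"]:
            continue
        iface = ipaddress.ip_interface(itf["cidr"])
        gw = ipaddress.ip_address(itf["gateway"])
        if gw not in iface.network:
            raise ValueError(f"{itf['name']}: gateway {gw} is outside {iface.network}")
        # Ports with the same (network, gateway) pair are the same uplink.
        groups[(iface.network, gw)].append((itf["name"], iface.ip))
    findings = []
    for (network, gw), members in sorted(groups.items(), key=lambda kv: str(kv[0])):
        if len(members) < 2:
            continue
        members.sort(key=lambda m: m[1])      # lowest address keeps the port
        primary, extras = members[0], members[1:]
        findings.append({
            "network": str(network),
            "gateway": str(gw),
            "ports": [name for name, _ in members],
            "suggest_primary": primary[0],
            # Extra addresses become aliases on the primary port.
            "suggest_aliases": [f"{ip}/{network.prefixlen}" for _, ip in extras],
        })
    return findings

if __name__ == "__main__":
    for f in find_shared_gateway_conflicts(INTERFACES):
        print(f"{', '.join(f['ports'])} share {f['network']} via {f['gateway']}: "
              f"keep {f['suggest_primary']}, add {f['suggest_aliases']} as aliases")
```
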