Multiple WAN/Status Down

Question

So I have configured my XG in what I think is the correct manner, but am having a persistent issue because of it. 
 Overview: 
 The phone system vendor that we work with was having bandwidth issues. We share a modem that is handling addresses from a static block. The XG is sitting on one address and the Phone on another. During high traffic periods the XG would eat the entire pipe and crush the VoIP to the point where it would no longer be able to maintain communications. They (phone vendor) wanted us to put the phones behind the XG. 
 Deployment: 
 The internal network interface (x1) in the LAN zone. x.x.123.1/24 
 The external network interface (x2) in in the WAN zone. x.x.x.68/29 
 I created a new internal network interface (x3) in a new VoIP zone. x.x.10.1/24 
 I created a new external network interface (x4) in the WAN zone. x.x.x.69/29 
 I then created traffic shaping policies such that x3-x4 has a minimum pipe. 
 I finished with my firewall rules so that traffic is passing out of VoIP to the WAN (x4) and all the needed inbounds are passing through. 
 Issues: 
 The Interfaces keep showing the x4 as offline/online/offline/online. And every time is does it emails. But it's still passing traffic. I extended the timeout of the fail-over to the maximum to keep the noise down, but that's not a solution. 
 Questions: 
 Is the above configuration the optimal configuration? 
 How do I keep the WAN interface from flipping out? 
 Should I be doing this different?

sachingurung · Accepted Answer

Hi Jon, 
 Any specific reason why same ISP gateway is configured on two separate interfaces? As I calculated your subnet, I believe you are trying to add an additional address provided by ISP. If that is your requirement, configure an alias to the WAN interface. You can find the KB for this requirement here . 
 Thanks

Ravindra Krishna · Answer

Hi JonMiley, 
 Please confirm and aswer: 
 1> you now have two IP address of same subnet on a single interface (one as interface IP and another as alias bonded to the same interface) 
 2> The VOIP server is out on the wan and only the VOIP phones are inside the network or your voip server and the phone are all inside? 
 3>You hear the ring but no voice thereafter? or what is the error on the phone display panel? 
 4> please share the result of below command for the SIP entry: 
 console> system system_modules show Ravi

JonMiley · Answer

OK, so first I want to thank all of you for contributing to this issue I am having. 
 I have now managed to successfully restore traffic flow. 
 - I have restored the Alias so that both desired IPs are assigned to the #2 interface. (#2 x.x.x.67, #2:0 x.x.x.68) 
 - There is a SINGLE gateway configured (x.x.x.70) 
 - The VoIP server is inside the network on a dedicated port (#3) on a dedicated Zone 
 - The VoIP Phones are below the VoIP server on a dedicated wired infrastructure 
 The issue with the traffic not flowing appears to have been in the pre-Sophos configuration. There is a modem and a switch ahead of the Sophos and while I had rebooted the modem, I had not rebooted the switch. Some pretty basic networking 101 stuff right there, but I missed it. After configuring the Alias, repointing the Business application rules and rebooting the entire wall it now functions as desired.