Replace Cisco 1921 With Sophos?

Question

Not sure where this question would go other then Initial Setup. It's more of a design question but its the closest group I could find. 
 
 Currently our main office has a Sophos XG310 and a Cisco 1921 used for a point to point connection with a branch office. The point to point carries tagged info for three VLANs and has voice priority for DSCP EF (46) QoS and also for one of the three VLANs (kinda a backup in case the traffic wasn't tagged). This works fine. However we are adding another branch office and will have a Sophos XG125 in that office (for local internet). Can the Sophos do the routing in place of a Cisco 1921 with the QoS? In other words can I forward traffic from the main office (10.10.*) to the suboffice (10.20.*) with those three VLAN's and then give priority to the VLAN for voice traffic? It would be nice to not have to have the Cisco boxes in addition to the Sophos at each location. 
 
 -Allan

AllanD · Accepted Answer

I just wanted to leave a update. After playing around with the XG I gave up and used the Cisco 1921 pair since I knew 100% that the QoS for voice traffic worked. In fact I pushed a 1 Gb file over the link to saturate it and made calls back and forth and they were crystal clear. Although I would have liked to use the XG for this I don't feel confident enough in me setting it up for this which the Cisco boxes, although overkill, just work. Also they don't have any bandwidth issues, maybe because they are only doing this simplistic routing with QoS and nothing else (no security policies, firewall, etc). So I'm getting the full 50 mbps over the link without issues. 
 
 We are bringing on another office in the near future so I might revisit trying it with the XG simply to save me from having to buy more Cisco routers. 
 
 -Allan

lferrara · Answer

Allan, 
 if you have already an XG into place, you can have a look at the Policy Route options under Routing Menu. As you can see you can define routing source/destination, services and interface used and apply DSCP Marking. 
 Please refer to XG Manual too: 
 http://docs.sophos.com/nsg/sophos-firewall/v16050/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FPolicyRoutingEdit.html%23 
 Regards

Aditya Patel · Answer

HI AllanDynes , 
 It is possible on XG , 
 Configuration steps: 
 1. Add VLAN interface on the Port on the LAN side on each location. 
 2. Add the Static Route for the remote location and point it to the remote device MPLS connected interface address. 
 3. If the XG is configured as InterVlan Routing , then the process is automated or Otherwise the L3 switch would do the same and Static Route is necessary . 
 As for the QOS : The QOS is mainly used to prioritize the traffic or to restrict the Bandwidth of the traffic . This is used if you do not wish your MPLS line to be Fully utilized by your users.