Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 5877 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Traffic priority and QoS question in general

Federico Boldori

Hello everybody,

we are migrating from Kerio Control to Sophos XG Firewall. We have 2 sites. I've setup a Site2Site VPN between Kerio on Site 2 and an XG210 (ver 17.0.2 MR2) on site A.

But on site A i had to revert to Kerio becouse the tunnel was really unstable. It has become unstable just at the beginning of the work hours. (during night no disconnection at all).

After reviewing configuration, my only idea is that the WAN link was full and without QoS rules maybe VPN went into timeout. This thesis is supported by the fact that RDP sessions and VOIP sessions between the 2 sites, that relies on vpn, where very very laggy (rdp was unusable and voip with only one channel get a lot of loss in quality voice)

I'm new to sophos so where i should add priority for VPN services on WAN link? I should add the QoS policy on the firewall tab on VPNtoLAN and LANtoVPN Rule or on the generic nat rule for internet access in Firewall tab?

And imagine if i want only to give high priority only for SIP and RDP protocol over the VPN but not to internet, how that i configure that?

 

thank you



This thread was automatically locked due to age.
  • 0

    ps: maybe it was not clear but my final intention is to prioritize vpn traffic, understood as the tunnel protocol, on the WAN interface and also inside the tunnel give priority to voip and rdp services inside that tunnel. And i would like to have the VPN exiting and responding only to a specific WAN IP address (we have 1 wan with multiple ip address)

    And this bring me another question if some one could help me to figure it out:

    our WAN provider give us a single connection with multiple ip address on the same cable. I cannot define multiple ip address on the WAN Port interface, so i put only the first IP of the 255.255.255.240 class. I have to define the others wan ip as ip host? We have multihoming on the previus sophos, so i can share across the ip some services (generic https reverse proxy, exchange owa, vpn ecc)

  • 0 in reply to Federico Boldori

    If I am not mistaken When you go to Configure -> Network -> Interfaces, Select your WAN interface and then in the upper right there is "Add Interface". From here select add Alias and fill out the information. You will have to do this for each IP.

     

    Hope this helps.

    -Ron

  • 0 in reply to rrosson

    Hello Ron thank you for the respond!

    Ok i've found the alias button and now i've added them to the wan port and modified the rules in the firewall section.

    I'm still on the VPN thing.