
Voip QOS on 135 SG with hosted PABX, use subnet? or some other method?

Hi everyone,

First time user having just received my SG 135 :)

I have the following Client situation:

They are an office of up to 24 staff running Windows laptops, no servers; everything is done via hosted Exchange and Autotask Workplace File Sync and Share.

We will be installing a 400/400 Fibre connection in a month or so.

Once installed I'm intending to install the following:

 

1) Sophos 135 SG with Network Protection only.

2) Hosted PABx System from https://www.telecube.com.au/hosted-pabx/

3) 24 Yealink SIP handsets.

 

On my test setup I've set up the following:

1) Main Subnet port which goes to a dumb switch, for all the computers, iPhones, backup Synology etc.

2) Voip LAN port on a different subnet, which goes to another dumb switch, for all the headsets.

 

I was thinking there must be a way to prioritise the Voip port, ie:

 

Allocate say 20/20 Mbps of the 400/400 to voip, this port has absolute priority over everything else, ie:

The main subnet would get the remaining 380/380.

 

However, according to Sophos support this is not possible?

"QoS is to set different priority to different network traffic.
In your scenario, you should give high priority to traffic between SIP handset and Telecube's PABX, not the LAN4 VoIP interface on UTM.
Traffic Selectors define different network traffic. Therefore, the IP address of Telecube's PABX server should be defined as Source of Traffic Selectors"

and instead referred me to a QOS for VOIP traffic.docx, see link below.

https://us.awp.autotask.net/1/filelink/bv2my-b3pysuq-wtr5bcbv

and which they said:

Please refer to the attached QoS for VoIP traffic.docx for configuration.
QoS for VoIP traffic.docx is for VoIP scenario with external SIP provider (SIP locates on Internet).
If you have a different scenario, please let me know
1. IP address of SIP server
2. IP address of internal PBX server, if any
3. IP address of a VoIP phone/client device

I'm just a bit concerned about putting all the traffic on the one subnet and relying on QOS to ensure voip is perfect.

Plus that document seemed a bit cumbersome to me, in that I'd have to set up each individual handset?

Love to hear what you think.

Best wishes, Martin



This thread was automatically locked due to age.
  • Hi, Martin, and welcome to the UTM Community!

    Before you get too far along, I would urge you to read the Rulz.

    I don't know if you can avoid setting up the phones individually, but you should try to do so without setting TOS/DSCP bits.  If your ISP will honor those bits in its network, you might want to use them - unlikely though.

    I would start with configuring 'VoIP' in 'Network Protection'.  You will likely need RTP and RTP-Response Service definitions and appropriate firewall rules.

    For QoS, you will want to bind to the WAN interface one Bandwidth Pool guaranteeing outbound bandwidth to VoIP traffic and two Download Throttling rules reserving inbound bandwidth for VoIP (in order):

    1. Limit inbound VoIP traffic to 1Gbps
    2. Limit all traffic to 370Mbps

    Depending on the ISP's minimum guaranteed bandwidth, you will want to adjust 370 up or down.

    Let us know how it goes!

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you Bob, and thank you for the warm welcome :)

     

    I didn't understand some of your advice, I'm very new to Sophos UTM!

     

    "I don't know if you can avoid setting up the phones individually, but you should try to do so without setting TOS/DSCP bits.  If your ISP will honor those bits in its network, you might want to use them - unlikely though."

    So do I try and do this or not? I'm confused.

    "I would start with configuring 'VoIP' in 'Network Protection'.  You will likely need RTP and RTP-Response Service definitions and appropriate firewall rules."

    I did turn on SIP protocol support under VoIP, but Sophos Support said to turn it off, as it was only needed in very specialised circumstances.

    I don't see any reference to "RTP and RTP-Response Service definitions and appropriate firewall rules" within this section, are you referring to somewhere else?

    You can see I'm new at this....

    "For QoS, you will want to bind to the WAN interface one Bandwidth Pool guaranteeing outbound bandwidth to VoIP traffic and two Download Throttling rules reserving inbound bandwidth for VoIP (in order):

    1. Limit inbound VoIP traffic to 1Gbps
    2. Limit all traffic to 370Mbps"

    I'll try and work through this, and see how I go :)

     

    Many thanks again, Martin

     

     

     

  • "So do I try and do this or not? I'm confused." - I would try without setting TOS/DSCP bits.  From your description of your situation, they would only be helpful if you were assured by the ISP that they can prioritize packets so marked, and my guess is that they don't offer that.

    The SIP helper doesn't work for everyone.  I suggested you try it because you're learning WebAdmin and it might have simplified the setup for you.

    I don't know the VoIP phones you're using.  I would expect the SIP server to set up the call and then for the two phones to communicate directly using a Real-Time Protocol.

    In effect, the Download Throttling rule #1 is an Exception to #2.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
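
Added example, not part of any post in this thread and not Sophos code: a small Python model of the two ordered Download Throttling rules and the "rule #1 is an exception to #2" remark, showing why the order matters. It assumes first-match-wins evaluation and a selector keyed on the PABX source address as in the support quote; the IP addresses and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class ThrottleRule:
    name: str
    source: str      # CIDR matched against the packet's source address
    limit_mbps: int

# Constructed values: 203.0.113.10 stands in for the hosted PABX,
# 198.51.100.7 for any other Internet host sending bulk traffic.
PABX_IP = "203.0.113.10"
BULK_IP = "198.51.100.7"

RULES = [
    ThrottleRule("voip-inbound", PABX_IP + "/32", 1000),  # rule 1 in the thread
    ThrottleRule("all-traffic", "0.0.0.0/0", 370),        # rule 2 in the thread
]

def first_match(rules, src_ip):
    """Return the first rule whose selector contains src_ip (assumed first-match)."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.source):
            return rule
    return None

def reserved_mbps(rules, link_mbps, voip_src=PABX_IP, bulk_src=BULK_IP):
    """Inbound Mbps that bulk traffic cannot take away from VoIP flows."""
    voip_rule = first_match(rules, voip_src)
    bulk_rule = first_match(rules, bulk_src)
    if voip_rule is None or bulk_rule is None or voip_rule is bulk_rule:
        return 0  # VoIP fell into the same bucket as everything else
    return max(0, link_mbps - bulk_rule.limit_mbps)

if __name__ == "__main__":
    print("in order :", reserved_mbps(RULES, 400), "Mbps kept free for VoIP")
    print("swapped  :", reserved_mbps(list(reversed(RULES)), 400), "Mbps kept free for VoIP")
```

Because the selector matches on the PABX address rather than on each phone, one rule covers every handset behind the firewall in this model.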