Hi,
I'm running the home version of the UTM, on the latest firmware (9.405-5). I'm experiencing some jitter when using my Cisco 7942 phone over a VPN from home, which is resulting in "gaps" in the conversation when talking - this goes both directions when talking on the phone. My VPN is set up such that I have a dedicated local subnet/interface so I don't have to worry about strange NAT rules getting in the way of the RTP streams. Some of the things I've done to try to alleviate the issue (there are probably more, but these are what come to mind immediately):
- Reduced the MSS in the system by following the shell commands listed here: https://community.sophos.com/products/unified-threat-management/f/58/t/55405 (I actually set my MSS to 1400 instead of 1440)
- Hard-coded the interface (yes, singular, more on that below) to be 1000-Full in the Interfaces->Hardware section of the web interface
- Turned on "Support path MTU discovery" and "Support congestion signaling (ECN)" in the Remote Gateway configuration
- Gone into the Intrusion Prevention section and added my local VPN network as a "Local Network" (this helped, as it took my internet speed from 20 megabit to 90+)
- Added my local VPN network to the skip list for the web proxy
- Verified that I am trusting the QoS/CoS markings from my phone on my local Cisco switch
- Went into QoS->Advanced in the web interface and checked both options ("Keep classification after encapsulation" and "Explicit Congestion Notification (ECN) support").
My firewall is probably configured a little differently than most: I have an SFF Dell desktop with a single gigabit Ethernet interface, and all the other interfaces are VLAN interfaces on this (Inside, WAN, and my local VPN subnet, labeled "BBVPN" below). I would fully accept that this is the cause of the problem and if so I'll grab another NIC and install it, but I don't think that the NIC is the bottleneck, since I have a 100 megabit internet connection and the interface is running at 1 Gig, with no drops or errors reported on the switch.
A screen shot that might help, I've seen it requested in other threads:
Would upgrading to the home version of the XG firewall help? I know that would involve rebuilding my configuration since last I checked there wasn't a conversion tool, but if the VPN support is more robust in that version I'll make the leap. Also unrelated question, does the XG firewall support IKEv2? I found a thread from last year saying, "Next version" but nothing more than that.
Thanks for sticking with me through my novel length post :)