Shoretel Phone Server and Sonicwall TZ-210 VoIP QoS

I would like to set up QoS for all Shoretel phone traffic. Not only through the VPN between 2 locations but also just locally.

I have 2 TZ-210 firewalls that VPN together for 2 remote locations.

Can anyone help me accomplish this? Somebody really familiar with those Sonicwalls AND the Shoretel system would be best.

Thank you.

We have shoretel 11.1 and sonicwall NSA 3500 at our HQ and Sonicwall TZ210W at our remote site.  All of our phone switches are at our main site and the remote site phones connect via the site-to-site VPN back to our corporate site.

I haven't implemented VoIP QoS yet, but I've done a lot of research.  Here is what I think you need to do.

1. Set up bandwidth management on your WAN interface for both sides.  This is important for your sonicwalls to know the limits of your internet connection on both sides so it knows how to prioritize your packets at the sonicwall instead of allowing your modems to queue packets.  The idea is you want to have your sonicwall BWM at the modem's bandwidth limit or a bit below it.  That way your sonicwall can slow other traffic down instead of your modem queuing packets.  The queuing of packets at the modem level will result in poor call quality.

2. If you want to do QoS internally then I would recommend setting up a VLAN for your shoretel system and phones.  You will need to have your phones utilize the 802.1p/q tagging and assign the VLAN ID.  If your phones auto configure themselves then this is done via the string in your DHCP scope options where you normally set the IP of the FTP server.

3. Make sure your sonicwalls are on the latest firmware.  Many times issues pop up and having the latest helps.  I believe the latest firmware for the TZ210 now is

4. Because QoS doesn't exist over the internet there are things we can do to mimic QoS.  #1 (BWM is one thing).  Because layer2 tagging gets stripped off packets going out to the internet you need to have your sonicwalls map 802.1p CoS tags to DSCP tags.  DSCP is a layer3 QoS tagging that can traverse the internet.  On the sonicwalls under firewall settings there is a setting for QoS Mapping.  This lists how the 802.1p to DSCP mapping is done.  For the most part you do not have to worry about changing the defaults here.

5. Set up access rules to manage bandwidth allocation for VoIP traffic.  Under the firewall access rules you will want to make an access rule for shoretel traffic from your shoretel network (for us it is LAN, yours may be your shoretel VLAN) to the VPN.  You can make the rule for Any->Any for the service group of Shoretel (built in service group from sonicwall, thanks sonicwall :-)).  You will want to also create inbound rules from VPN to shoretel network.  And, you will need these two rules on both sides of the VPN tunnel.

Under the QoS tab for the access rule you will want to set the 802.1p and DSCP marking action to Map.  This will take care of the 802.1p to DSCP mapping I mentioned in step 4.  I don't think you need to map both.  Basically look at the rule.  If the packet is going from your network out to the internet (VPN included) then I think you want to map the 802.1p tags (maps 802.1p to DSCP).  For inbound rules you will want to map DSCP (maps DSCP tags back to 802.1p tags).

On the ethernet BWM tab you will also want to make some changes.  I would recommend enabling inbound and outbound BWM.  The main things you will want to set is guaranteed bandwidth to like 5% to 15% depending on how much bandwidth you have to work with.  Voice calls only use a few kbps.  If this is too low you might not be guaranteeing enough bandwidth for voice.  If it is too high you may be allocating too much bandwidth for voice and taking that away from other data traffic.  Regardless of guaranteed bandwidth I would set the bandwidth priority to 0 (highest).

I'm guessing that should keep you busy for awhile.  Let me know if you have any more questions.
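
To check that the 802.1p and DSCP markings discussed in steps 2, 4 and 5 agree on a captured frame, here is an added example (not part of the original answer, and not SonicWall or ShoreTel code) that parses an Ethernet frame for its 802.1Q priority, VLAN ID and IP DSCP value. The CoS n to DSCP 8n table, VLAN 20 and the sample addresses are assumptions; compare the table with what your firewall's QoS Mapping page shows.

```python
import struct

# Assumed mapping (not taken from the page or from vendor documentation):
# 802.1p priority n <-> DSCP class selector CSn, i.e. DSCP = 8 * n.
def cos_to_dscp(pcp):
    return pcp * 8

def dscp_to_cos(dscp):
    return dscp // 8  # each CoS value covers a block of eight DSCP values

def parse_qos_fields(frame):
    """Return (vlan_id, pcp, dscp) for an Ethernet frame carrying IPv4.
    vlan_id and pcp are None when the frame has no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlan_id, pcp = 14, None, None
    if ethertype == 0x8100:  # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vlan_id = tci >> 13, tci & 0x0FFF  # 3-bit priority, 12-bit VLAN ID
        offset = 18
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    if len(frame) < offset + 20 or frame[offset] >> 4 != 4:
        raise ValueError("truncated or malformed IPv4 header")
    dscp = frame[offset + 1] >> 2  # DSCP is the upper 6 bits of the ToS byte
    return vlan_id, pcp, dscp

def marking_consistent(frame):
    """True when the frame is tagged and its DSCP falls in the block for its CoS."""
    _, pcp, dscp = parse_qos_fields(frame)
    return pcp is not None and dscp_to_cos(dscp) == pcp

def build_frame(vlan_id, pcp, dscp):
    """Constructed sample: tagged Ethernet header plus a bare IPv4 header."""
    eth = bytes(12) + struct.pack("!HHH", 0x8100, (pcp << 13) | vlan_id, 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    return eth + ip

if __name__ == "__main__":
    for pcp, dscp in [(5, 40), (5, 0)]:  # second frame: DSCP lost on the way
        frame = build_frame(20, pcp, dscp)
        print(parse_qos_fields(frame), marking_consistent(frame))
```

Feed it frames exported from a capture taken on each side of the tunnel; a tagged voice frame whose DSCP reads 0 points at a rule where the marking action is not set to Map.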

MaxDes101 (Author) commented:
Great job. Great tutorial. Thank you very much!