I have a client with a Trixbox (free) PBX running all their phones on the same LAN as their data. They have a Sonicwall NSA 240 at the gateway. The PBX is connected to the outside world via a PCI card connected to a PRI; voice traffic, therefore, traverses the LAN (for our purposes, 192.168.1.0/24) and goes out the PRI without ever really running through the Sonicwall (other than for routing purposes). Their current switching configuration is Layer 2 but their switches are capable of Layer 3 (VLAN, etc.) switching (to be clear, I'm no expert on VLAN configuration).
The client wants to set up a subnet (192.168.2.0/24) such that the voice traffic is on this subnet and the data continues to ride on 192.168.1.0/24. Their proposal was to set up an interface on the Sonicwall to be configured with the gateway address of this subnet (e.g., X0>192.168.1.1, X3>192.168.2.1) and set static routes in the Sonicwall such that the phones would communicate with the PBX (192.168.2.2) but not with any of the data devices, including getting their DHCP IP address and config from the PBX.
My initial reaction is that this can't be done, but again, I'm not an expert on advanced networking concepts and am unsure if there is something that can be done to make this happen. That said, having a gateway interface on the Sonicwall (or any router/firewall) doesn't seem to make sense to me, as the Sonicwall is not actually acting as the gateway (voice traffic goes out the PBX via PRI). I think it would be possible to static each phone and point it to the PBX manually and have it communicate with the PBX in this way, but that's a bunch of work and really accomplishes very little of value.
I think the best option is to configure a VLAN on their switches and have all voice traffic on this VLAN. I need to have more information, however, in order to go back to the client and convince them that what they are trying to do is not feasible. Any insight anyone here can provide would be greatly appreciated!