  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2459

SonicWall TZ100, VoIP, bandwidth management, and port forwarding

I have a dozen VoIP phones with static LAN IPs. I'm trying to apply port forwarding and group bandwidth management to them so they have guaranteed bandwidth when the WAN connection becomes saturated. (QoS is not an option for now). This is my first SonicWall (TZ100) so I need a little handholding here please...

My steps so far...
1. Create service objects for each device I want to port forward to (1 service object per phone)
2. Use the "Public Server Wizard" to associate a service object to each VoIP phone

...so far so good. Now where it gets tricky:

3. Create a new Service Object Group "Voip all" which contains all the new service objects automatically created in step 2.
4. Create a new firewall access rule, WAN > LAN, for the Service Object Group in step #3, and apply Bandwidth reservation there.

...except this isn't working! My logic is likely flawed. Any suggestions?
Asked: ezekiel2517
1 Solution
 
Syed_M_Usman Commented:
Dear,

There are two ways of achieving your requirement:

1) Simply give priority to all VOIP traffic from your VOIP Subnet (Option#1)

2) Create AO and Groups. (Option#2)
Since you have already made all AO for VOIP phones, please add one Group and add all AO of VOIP phones in the Group...

Step 1: Configuring Bandwidth Management Settings on the WAN Interface > Advanced tab
Step 2: Configuring Bandwidth Management Settings on the Firewall > Access Rules page

(Option#1)
Step 3: LAN->WAN
Service: VOIP
Source: VOIP LAN SUBNET or LAN Subnet
Destination: ANY or you may define
Users Allowed: ALL
Same rule, Ethernet BWM tab

Ethernet Bandwidth Management
Enable Outbound Bandwidth Management ( 'allow' rules only)....

(Option#2)
Step 3: LAN->WAN
Service: VOIP
Source: VOIP GROUP
Destination: ANY or you may define
Users Allowed: ALL
Same rule, Ethernet BWM tab

Ethernet Bandwidth Management
Enable Outbound Bandwidth Management ( 'allow' rules only)....

ezekiel2517 Author Commented:
Thank you Syed.

I've done the above on the LAN --> WAN side, and it's taking effect.

But do I need to do something on the WAN --> LAN side? So that incoming traffic is prioritized to the phones instead of being used on Downloads, Email, etc?

I ask because right now, the VOIP quality sounds fine to callers outside the network (LAN > WAN) but the users inside the network are having quality problems (WAN > LAN).

Thanks,
Matt

Syed_M_Usman Commented:
Dear,

Thank you for the comments....

"But do I need to do something on the WAN --> LAN side...." YES, if you have quality or bandwidth issues.
Could you please let me know the below:

1) connection speed
2) # of WAN connections.
 
ezekiel2517 Author Commented:
Didn't see your reply Syed,

WAN speed is 2.6 Megabit up and down, 1 WAN connection. About 12 devices accessing that WAN (workstations), plus the phones (another 12).

There are only 4-5 phones in active use at a time.

The workstations are only running RDP/citrix, so they don't use much bandwidth at all.

There should be enough bandwidth to go around for the phones.

Thanks,
Matt

Syed_M_Usman Commented:
Dear,

In your case I don't think you need it, as you have enough bandwidth with limited hosts. By the way, how's the current BWM working? Is it good? Have you felt any difference?

ezekiel2517 Author Commented:
Hi Syed,

Unfortunately I'm having quality issues with the phones now. 40% of bandwidth is reserved, 100% available for incoming and outgoing bandwidth on the BWM page of the LAN-->WAN rule for the LAN range of the phones. But I'm still having issues.

Do I need a WAN --> LAN rule as well? But I don't understand why I would need this when the LAN rule already works for incoming and outgoing bandwidth.

Would you clarify? Thanks

Syed_M_Usman Commented:
Dear,

"LAN rule already works for incoming and outgoing bandwidth": this statement is not true...

LAN to WAN rule works only for outgoing traffic.
WAN to LAN rule works only for incoming traffic.

ezekiel2517 Author Commented:
Still confused Syed... then I don't understand why this LAN to WAN rule includes the option for Incoming Bandwidth Management. Since LAN to WAN only works for outgoing traffic, is the incoming bandwidth setting ignored?

This is what the rule is currently set to. Should I disable "Enable Inbound Bandwidth Management" and set up a separate WAN --> LAN rule and enable it there instead?

[Screenshot: Access Rule settings - 1. Bandwidth Management on LAN-->WAN rule]

Thanks

Syed_M_Usman Commented:
Dear, sorry for the late reply...
Please make a duplicate policy but from WAN to LAN....

ezekiel2517 Author Commented:
Hi Syed,

If I duplicate both of those settings (Inbound guarantee 40%, Outbound Guarantee 40%) on LAN --> WAN and WAN --> rules, 80% of my bandwidth will be reserved.

Is the solution to create the WAN --> LAN rule, and only enable "Inbound", and on the LAN --> WAN rule, only enable "Outbound"?

Syed_M_Usman Commented:
No no, not WAN to WAN...
WAN to LAN...

This rule helps us in resolving the issue. Once we succeed, in the next stage we will simply use QoS to prioritize VOIP traffic and disable BWM.

I will test the Priority setting in my SNA (after office hours) and send you a screenshot.

ezekiel2517 Author Commented:
Ok, done.

Figuring out whether Inbound / Outbound BWM is necessary on both rules is important to me, as right now a huge chunk of bandwidth is being reserved that other real-time services (like Citrix, video-conferencing, etc) need. I think prioritizing via QoS and disabling BWM is the best solution.

I'd appreciate screenshots of the QoS rules you have that work.... thanks!