Solved

Sonicwall TZ 215 Config

Posted on 2014-07-25
6
344 Views
Last Modified: 2014-08-08
X0- LAN1 Data Switch (192.168.1.0 network)
X1- WAN1 (FIOS)
X2- WAN2 (T-1)
X3- LAN2 VoIP switch (192.168.2.0 network)
X4 and X5 Portshield to X0

Pretty much I want all traffic for VoIP switch (X3) to use ONLY T-1 WAN (X2).  All traffic  from data switch (X0) can use ONLY FIOS (X1).  I also have failover setup.  Just want to make sure my setup is correct.

Custom Routing Policies 1:
Source: Address Object (VoIP Traffic- 192.168.2.0)
Destination: Any
Service: VOIP
Gateway: X2 Default Gateway
Interface: X2
Metric: 1
Priority: 8

Custom Routing Policies 2:
Source: LAN Primary Subnet
Destination: Any
Service: Any
Gateway: X1 Default Gateway
Interface: X1
Metric: 1
Priority: 11

Would also like to implement QOS for VOIP.  I had some phone call quality issues a couple nights ago, but after adding custom routing policy 2 things improved.
0
Comment
Question by:Pedro Guerrero
  • 3
  • 3
6 Comments
 
LVL 20

Expert Comment

by:masnrock
Comment Utility
I would have done NAT policies. That way, it routes the traffic just the way you want it, and also does the translations properly.

Since you have one whole interface for VOIP and nothing else, you really will not need to do QoS. Is your VOIP system hosted or in house?
0
 

Author Comment

by:Pedro Guerrero
Comment Utility
VoIP system is hosted through ringcentral.  After opening their required UDP ports phone quality has been great.

Can you explain exactly how NAT policies would work better than what I have?
0
 
LVL 20

Accepted Solution

by:
masnrock earned 500 total points
Comment Utility
Having reviewed again what you did, you might have actually basically accomplished the exact same thing. So no point in going and changing things around. Have you checked the firewall rules to make sure that the two LANs cannot communicate with one another? Only other thing I can think of to review is whether the failover is working the way you want it to.

BTW - If you ever start looking at an in house solution (I remember your mentioning 35 voip phones in house), I'd recommend 3CX, which has a bit of an upfront learning curve, but isn't overly difficult to get the features you need going. I can always recommend some vendors if need be. I've been in the process of testing it for rolling out in my office and to a few clients in need of replacement phone systems.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Pedro Guerrero
Comment Utility
The two LANs do communicate; i will setup that rule today. I tested failover and works just fine.

My scan to email stopped working after I installed sonicwall.  Getting a SMTP Gateway error.  Any idea?  Could it be router blocking access?
0
 
LVL 20

Expert Comment

by:masnrock
Comment Utility
Could be many different reasons. Is the email being sent to a relay outside of the network, or using an in house mail server?
0
 

Author Comment

by:Pedro Guerrero
Comment Utility
relay outside of network.  was doing some troubleshooting and it worked using ip address of mail server.  Looks like it may be a DNS issue?  Everything DNS related on computers have been working just fine though.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now