Solved

Prioritize VOIP traffic using a ZyWall USG 100

Posted on 2015-02-24
Last Modified: 2015-03-24
All,
We have 1 ZyXel ZyWALL USG 100 firewall and 2 ZyXel ZyWALL USG 20W firewalls.

Our main office is the USG 100
Our satellite offices have the USG 20Ws
We have full control of both.
We are NOT using VPN between the firewalls.

For the purpose of this discussion, let's forget VPN.

We are having a problem where the VOIP phones at the satellite locations are having audio dropouts.

I've spoken with the phone vendor and a few other people and they suggest we prioritize traffic so VOIP ALWAYS gets priority.

If possible, I don't want to have to "carve off" dedicated bandwidth for this because they aren't using the phones 90% of the time. So in a perfect world - anytime there is VOIP traffic, it gets priority over EVERYTHING.

I did some additional research and found that the ZyWalls have a feature called App Patrol which sounds like it can help with this - I signed up for the trial service so we have that available as well.

Can anyone help me figure out how to prioritize the traffic?

MUCH appreciated!
0
Question by:rheide
8 Comments
 
LVL 40

Accepted Solution

by:
noci earned 2000 total points
ID: 40630252
You can enforce DSCP markings using a route.
(DSCP/DiffServ/TOS are all different tagging schemas for the same IP header field, TOS.)
For DSCP you are looking for Expedited Forwarding (EF), which is equivalent to TOS LowDelay.
It all depends on the routers in between your endpoints following the rules of the TOS field.
IPSEC should propagate the TOS of the wrapped packet to the encapsulating packet.

Here you can find a little more:
Exact info: (RFC)
http://datatracker.ietf.org/doc/rfc2474/
More explained:
http://www.hep.ucl.ac.uk/~ytl/qos/diffserv_01.html
Also:
http://www.voip-info.org/wiki/view/DiffServ

App-Patrol is more or less like Snort. It uses signatures to identify certain packets in the allowed streams that might indicate problems with the content. So it will not help to speed things up; it may adversely slow your firewall.
0
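The shared header field described in the accepted answer, as an added example that is not part of the original thread: it decodes one TOS byte under both the DSCP and the legacy TOS schema, then checks whether an EF marking survived the path between two capture points. The packets, addresses (documentation ranges) and helper names are constructed for illustration.

```python
import struct

# Standard DSCP code points: class selectors, assured forwarding, expedited forwarding.
DSCP_NAMES = {0: "CS0/default", 46: "EF"}
DSCP_NAMES.update({8 * c: f"CS{c}" for c in range(1, 8)})
DSCP_NAMES.update({8 * c + 2 * d: f"AF{c}{d}" for c in range(1, 5) for d in range(1, 4)})

def decode_tos(tos):
    """Decode one TOS byte under both the DSCP and the legacy TOS schema."""
    dscp = tos >> 2
    return {
        "dscp": dscp,
        "dscp_name": DSCP_NAMES.get(dscp, "unassigned/local"),
        "ecn": tos & 0x03,
        "precedence": tos >> 5,                # legacy precedence bits
        "low_delay": bool(tos & 0x10),         # legacy D bit
        "high_throughput": bool(tos & 0x08),   # legacy T bit
        "high_reliability": bool(tos & 0x04),  # legacy R bit
    }

def tos_of_ipv4(packet):
    """Return the TOS byte (second header byte) of a raw IPv4 packet."""
    version_ihl, tos = struct.unpack_from("!BB", packet)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return tos

def build_header(tos, src, dst):
    """Constructed sample: bare 20-byte IPv4 header (protocol UDP, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, 64, 17, 0,
                       bytes(src), bytes(dst))

def marking_survived(sent, received, expected_dscp=46):
    """True if the packet left with the expected DSCP and arrived with it intact."""
    return (tos_of_ipv4(sent) >> 2 == expected_dscp
            and tos_of_ipv4(received) >> 2 == expected_dscp)

# Constructed packets: voice traffic leaving one office marked EF (0xB8), and the
# same packet as captured at the other office after a hop reset the field to 0.
SENT = build_header(0xB8, (192, 0, 2, 10), (198, 51, 100, 20))
RECEIVED_REMARKED = build_header(0x00, (192, 0, 2, 10), (198, 51, 100, 20))

if __name__ == "__main__":
    print(decode_tos(tos_of_ipv4(SENT)))
    print("EF preserved end to end:", marking_survived(SENT, RECEIVED_REMARKED))
```

Comparing the byte at both ends of the path shows whether the routers in between honour the marking or rewrite it.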
 

Author Comment

by:rheide
ID: 40675969
I'm still trying to figure this out.
0
 
LVL 40

Expert Comment

by:noci
ID: 40678467
If you need clarification, then please state what needs to be clarified.
0

 

Author Comment

by:rheide
ID: 40685808
I was hoping to find someone that is an expert with ZyXel firewalls to get step by step instruction.

** I am very appreciative of the information that has been provided but my problem arises when I go into the ZyXel interface as there are 1,000 options ;-)
0
 
LVL 40

Expert Comment

by:noci
ID: 40685969
Herewith I assume that you do know how to operate a mouse and keyboard, boot up a PC, log on to your OS, start a browser, open a session to the ZyXel, log on there, select config from the menu, and select firewall... and that you have reading abilities and a bunch more.

Ok, the DSCP markings are on the network, routing, network policy rule (keep DSCP markings, or you can set them).
Open a rule, select the right marking and save...
and then you can save the rules with the settings I mentioned before.
0
 

Author Comment

by:rheide
ID: 40686176
Funny stuff - I'll assume you are joking and NOT being an a$$ ;-)

The problem is that I'm not an expert at networking which is why I asked the question. So when you say "save the rules with the settings I mentioned before" or "open a rule select the right marking and save", I'm still not sure what to save or set SPECIFICALLY.

** You may have a tendency to think I should research/search more about this but that is why I PAY for Expert-Exchange and I don't just google for results.

If you are just giving me a hard time, please respond back. If you are being serious (with the operating a mouse instructions), then don't waste the time.

Thanks!
0
 
LVL 40

Expert Comment

by:noci
ID: 40686288
Yes, it was meant jokingly... (had a not too serious call before I wrote that). Rereading later, I probably would have rephrased it.
The setting is called DSCP marking...

In my first answer there are 3 links..., and you do need to read them. Just pushing values doesn't help a lot and may just get you the wrong results, as the RIGHT setting heavily depends on what else is set.
(All settings work relative to each other)... If you set all to the same value they won't help a lot.
You should know what traffic passes the FW (filter/nat rules) and how they should compare.

And App-Patrol would not help to solve this.
0
 

Author Comment

by:rheide
ID: 40686289
Noci-
Thanks for the nice response!! I will read up on that and get it figured out.

Also - thanks for the heads-up on app-patrol - I'm sure I would have ended up going down that path!!
0
