Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 2831 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Star2Star VOIP - UTM Setup

Phreeze

My question / dilemma may require several steps.  I apologize in advance.

 

Star2Star is a VOIP provider in which it is somewhat proprietary / closed / locked down.  I inherited it and must live with it for a while.  They require their little "black box" have a Public IP address and sit at the edge of the network.  I'd rather not have a switch in front of my UTM/s in order to "Split" the internet connection.  They of course want their box in front with everything running through their box.. no thanks ...

So how do I make this work?

1. Physically - Can I just plug the box into any port on my SG210 and configure an interface and give it one of our Public Static IP's .

2. How do I let the connection to the Starbox be Open so it can communicate with Star2Star's systems ? 

3. Internally all the phones must be on VLAN 41 (Tagged) to work.  The Starbox hands out the DHCP address to the phones.  How do I let this happen/ work ?

 

Let's start there. 



This thread was automatically locked due to age.
  • 0

    Hi  

    First, you can simply plug the box to SG 210 on any of the Port but you will have to provide that Port an IP address in the range of VLAN41 (If it needs to also provide DHCP address to phone in the network). If you have a public Static IP and a different Gateway (than your WAN interface of UTM9) you may simply configure it that way.

    Second, you can use a DNAT rule provided you know how many ports are required to be forwarded to the box (also restrict it for the Star2Star's IPs).

    Third, you can configure a DHCP relay on UTM and ask the box to provide DHCP addressed.

    PS: I've suggested based on what I could interpret from your post. If you can provide more details, we can discuss and improve the plan to do that.

    Regards

    Jaydeep

  • +1

    I helped another Sophos reseller with this with a client of his last year and all traffic passed through the UTM and the *2* box was "behind" the UTM.  One of the tricks we had to use was that one connection between the *2* and the UTM was an untagged VLAN connection.  They have documentation explaining how to do this, but most (my impression) *2* installers don't know how to do what you want and will resist trying it.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Do you recall with this "untagged vlan"  what you entered for IP address  etc ... am I correct in my thinking that an "Ethernet" interface on the UTM is "Untagged"  but if you choose Interface type Ethernet VLAN  and enter the Tag ID then it is "Tagged"

  • 0 in reply to Phreeze

    That's my recollection of the experiments we did with the *2* and UTM at the time - they don't use the same terminology, so one of their installers would be confused by the UTM and would give a local UTM admin "incorrect" instructions.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    Unfortunately I am stuck with this same phone system as well.

    I can't stand them taking over my network so what I did was....

     

    (The below requires you having more than one IP from your ISP)

    1. Create a dedicated VLAN on your switch for your ISP network ie...VLAN 555
    2. Assign one of your Public IPs to your firewall ie..WAN1
    3. Assign one of your Public IPs to your Star2Star box.  To access this box you just plug a laptop into LAN2
    4. Connect your ISP Router into one of the VLAN 555 ports
    5. Connect LAN 1 or LAN 3 (I cant remember which) into the other VLAN 555 port

    Let me know if this helps or if you have any questions.

     

    Mike

Unfiltered HTML