Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 1429 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing Only VoIP to second interface.

Jeremy Cornwell

We had a contractor set up our SG135 initially and assumed it was configured to route all VoIP traffic over our second interface (fiber) and all other traffic over our coaxial interface. I had a chat recently with Dialpad (our VoIP) and they told me that the specific call we were investigating was coming from our coaxial IP address. Does this mean that the device isn't configured correctly and what exactly is the proper way of setting this type of routing up? Thanks.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi Jeremy Cornwell,

    It sounds like you do not have Multipath rule configured to use second interface(fiber) for VOIP traffic. Do you know if you have your PBX server in your internal network or it is external? Based on this detail, I should be able to guide you with the Multipath rule configuration. 

    Could you please navigate to the Interfaces & routing > Interfaces > Uplink Balancing and PM me the screenshot? Also navigate to the Multipath Rules and take screenshot and PM me. 

    Thanks,

     

  • 0 in reply to FormerMember

    The PBX is external. Thanks for your assistance. Screenshots sent.

  • FormerMember
    0 FormerMember in reply to Jeremy Cornwell

    Hi Jeremy Cornwell,

    Thank you for the screenshots. 

    It looks like you do have correct Multipath rule for VoIP network, it is configured by interface and with the fiber interface. If you did that test call from the VoIP network that traffic should go out through fiber interface only.

    I would suggest you to take packet capture on the UTM when you do that test call, take packet capture on PBX server IP address and check if it is leaving firewall with correct interface IP address or not.

    Here is the link to the KB Article on how to SSH into UTM : Sophos UTM: How to access the UTM shell via SSH using PuTTY

    In my case, 192.168.1.100 is the traffic initiator and WAN interface is eth1.


    <M> H_Patel:/root # ifconfig eth1
    eth1 Link encap:Ethernet HWaddr 00:1A:8C:F0:EF:01
    inet addr:10.118.200.211 Bcast:10.118.200.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:25808625 errors:0 dropped:27 overruns:0 frame:0
    TX packets:13493766 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:15923763181 (15186.0 Mb) TX bytes:1841046844 (1755.7 Mb)

    I started ping to 8.8.8.8 from source device with IP address 192.168.1.100. 

    <M> H_Patel:/root # tcpdump -nei any host 8.8.8.8
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    22:31:15.514523 Out 00:1a:8c:f0:ef:01 ethertype IPv4 (0x0800), length 76: 10.118.200.211 > 8.8.8.8: ICMP echo request, id 1, seq 331, length 40
    22:31:15.524754 In 00:1a:8c:f0:72:a0 ethertype IPv4 (0x0800), length 76: 8.8.8.8 > 10.118.200.211: ICMP echo reply, id 1, seq 331, length 40
    22:31:15.524965 Out 00:1a:8c:f0:ef:00 ethertype IPv4 (0x0800), length 76: 8.8.8.8 > 192.168.1.100: ICMP echo reply, id 1, seq 331, length 40
    22:31:16.515960 In 4c:cc:6a:a7:88:06 ethertype IPv4 (0x0800), length 76: 192.168.1.100 > 8.8.8.8: ICMP echo request, id 1, seq 332, length 40
    22:31:16.516109 Out 00:1a:8c:f0:ef:01 ethertype IPv4 (0x0800), length 76: 10.118.200.211 > 8.8.8.8: ICMP echo request, id 1, seq 332, length 40
    22:31:16.526444 In 00:1a:8c:f0:72:a0 ethertype IPv4 (0x0800), length 76: 8.8.8.8 > 10.118.200.211: ICMP echo reply, id 1, seq 332, length 40
    22:31:16.526555 Out 00:1a:8c:f0:ef:00 ethertype IPv4 (0x0800), length 76: 8.8.8.8 > 192.168.1.100: ICMP echo reply, id 1, seq 332, length 40
    22:31:17.518103 In 4c:cc:6a:a7:88:06 ethertype IPv4 (0x0800), length 76: 192.168.1.100 > 8.8.8.8: ICMP echo request, id 1, seq 333, length 40
    22:31:17.518281 Out 00:1a:8c:f0:ef:01 ethertype IPv4 (0x0800), length 76: 10.118.200.211 > 8.8.8.8: ICMP echo request, id 1, seq 333, length 40
    22:31:17.528610 In 00:1a:8c:f0:72:a0 ethertype IPv4 (0x0800), length 76: 8.8.8.8 > 10.118.200.211: ICMP echo reply, id 1, seq 333, length 40
    22:31:17.528749 Out 00:1a:8c:f0:ef:00 ethertype IPv4 (0x0800), length 76: 8.8.8.8 > 192.168.1.100: ICMP echo reply, id 1, seq 333, length 40
    ^C

    In above tcpdump we can see that traffic is leaving with eth1 IP address. In your case when you run tcpdump on PBX ip address you should see traffic leaving firewall on fiber interface.

    Thanks,

     

  • 0 in reply to FormerMember

    The tcpdump shows no VoIP traffic when analyzed with wireshark after running on the fiber interface.

  • FormerMember
    0 FormerMember in reply to Jeremy Cornwell

    Hi Jeremy Cornwell,

    Could you please PM me the screenshot from Network Protection > NAT > Masquerading? There should be a Masquerading rule for your VoIP network to use Fiber interface. 

    Thanks,

  • 0 in reply to FormerMember

    So wireshark failed to find VoIP traffic on the fiber connection when using Telephony, but I did find SIP traffic when manually filtering. So I see all the SIP traffic on fiber interface and none on coaxial but our VoIP provider saw this particular call originate from the coaxial interface. What would cause that to happen? 

  • 0 in reply to Jeremy Cornwell

    Go to the 'Bandwidth Usage' tab in 'Network Usage' and check 'Top servers by service' (maybe 'clients', too) for "SIP" and "SIP over SSL" for the last 7 days - any luck with that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML