
QoS + VOIP, SIP client phones to Internet server

So I've read and read, and read some more all sorts of different posts and none of them are real clear.  QoS on the UTM seems to be all about throttling and limiting.  Is there a way just to use QoS prioritization like cheap routers/firewalls will and all the other commercial ones will?

I have 4 Cisco SPA525G VOIP phones using SIP + RTP to communicate to my cloud hosted "pbx".  If we're not using the internet everything works well.  However, if I decide to upload a file to Dropbox or Exchange or whatever, the phones degrade horribly; downloading seems to not affect it as much.  I have an 18Mbit down, 1.5Mbit up connection.  According to my VOIP provider, "marking OSI Layer 2 packets with high-priority (5) class tags (802.1p and IP Precedence)", and they tag all of their voice packets with DSCP value of 46.

So what settings are required to give these packets absolute priority over everything else?  I shouldn't have to set guaranteed bandwidth with priority being given to them.  If priority is utilized it should just put them to the front of the line no matter if I have 1 phone in use or all 4 of them.

EDIT: SG135W running 9.412-2 if that matters.

Thanks!



This thread was automatically locked due to age.
  • When it comes to QoS, it helps to describe what you're observing that makes you ask questions.  Before we assume that it is QoS, see #1 in Rulz and confirm that you're not seeing an issue with Anti-UDP Flooding activity.

    If your ISP doesn't support TOS and DSCP bits, you have no choice other than to use Download Throttling rules to reserve bandwidth for inbound VoIP traffic.  On the External interface, limit inbound VoIP traffic to 100Mbps followed by a rule that limits all traffic to 17.5Mbps.

    Also, on the External interface, create a Bandwidth Pool guaranteeing outbound VoIP traffic 0.5Mbps.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • UDP Flood is disabled.

    Downloading files doesn't degrade the connection.  Only uploading of files does that.  And doing what you are suggesting is bandwidth reservation or throttling, not QoS and prioritization.  Which most residential grade firewalls / routers costing over $100 bucks will do with a checkbox.  Let alone other commercial grade firewalls that will do with QoS priority levels without ever having to touch throttling or bandwidth rules.

  • Hi, 

    QoS Prioritization is possible with our Next Gen Firewall, 'The Sophos XG'. You may be interested in migrating to the SF-OS version now as the migration tool is ready. Refer to the guide here to compare both the products.

    Alongside, raise this as a feature request for Sophos UTM here.

    Cheers-

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I don't understand how something this simple is not built into this product that costs this kind of money already.

  • I'm wondering if the VoIP feature in the GUI would come into play here? I've not used it but I understand that it does a few things behind the scenes, so to speak.

    And I think it's geared towards your setup too, i.e. using VoIP via the internet.

    https://community.sophos.com/kb/en-us/120284

    Although I'm not sure whether it does any QoS transparently.....

  • Already have that in use, and it doesn't do anything for this.

  • This link any help?

    https://community.sophos.com/kb/en-us/115020

    You will have to apply some sort of download/upload rule because the UTM will have to know about the maximum bandwidths it can use. We have to do this on Cisco's routers etc.

    At that point, you can then apply the prioritization to a bandwidth, e.g. guarantee DSCP 46 1000kb/s

  • I'm sorry, but that is NOT priority.  That is throttling and bandwidth guarantee.  Priority says this packet always gets precedence down the pipe over this packet, or this class of packets vs that class. So with true priority it doesn't matter how much bandwidth you have, the highest priority data packets will always be pushed down the pipe first over every other lower priority packet.

    If you have a pipe that is 10 lanes wide.  That means you can send 10 packets at once.  In your case you want to allocate say 5 lanes IF that data gets found.  So you are hard setting a number.  What happens if you use less than that, say only 1 lane?  Oh well the rest of the 4 lanes are blocked because of that guarantee until that 1 guy gets done.  In true priority you say all people with an orange flag above them get to go first.  So if 1 guy shows up, 1 lane given to him, if 10 show up, all 10 are given to him and the rest are forced to wait until the orange flags go away.  It doesn't matter then if your pipe is 1 lane wide, or a million wide, the people with the flags get to go as soon as they show up.  Hence, priority.  All you have to do to define priority is make sure that the flags are set correctly.   Which there are some nice RFCs out there that standardize all of that.

    The current implementation is entirely too complicated for what is needed.
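
The strict priority queuing described in the post above, compared with plain FIFO on the thread's 1.5 Mbit/s uplink. This is an added simulation, not part of the thread and not Sophos UTM code; the packet sizes, call pattern and upload burst are constructed assumptions, and the scheduler is a generic non-preemptive model.

```python
import heapq

LINK_BPS = 1_500_000  # 1.5 Mbit/s uplink quoted in the thread
EF = 46               # DSCP value the provider marks voice with (Expedited Forwarding)

def make_traffic():
    """Constructed sample: one call (200-byte packet every 20 ms for 1 s)
    plus an upload burst of 100 x 1500-byte packets queued at t = 0.1 s."""
    voice = [(i * 0.020, 200, EF) for i in range(50)]
    bulk = [(0.100, 1500, 0) for _ in range(100)]
    return sorted(voice + bulk)  # (arrival_s, size_bytes, dscp)

def worst_voice_delay(packets, strict_priority):
    """Drain packets over one non-preemptive link; return the worst
    arrival-to-sent delay (seconds) seen by any DSCP 46 packet."""
    queue, now, idx, seq, worst = [], 0.0, 0, 0, 0.0
    while idx < len(packets) or queue:
        # Admit everything that has arrived by 'now'.
        while idx < len(packets) and packets[idx][0] <= now:
            arrival, size, dscp = packets[idx]
            # Strict priority: EF goes ahead of all other traffic.
            # FIFO: every packet gets the same rank, so arrival order wins.
            rank = 0 if (strict_priority and dscp == EF) else 1
            heapq.heappush(queue, (rank, seq, arrival, size, dscp))
            seq, idx = seq + 1, idx + 1
        if not queue:                 # link idle: jump to next arrival
            now = packets[idx][0]
            continue
        _, _, arrival, size, dscp = heapq.heappop(queue)
        now += size * 8 / LINK_BPS    # serialization time on the uplink
        if dscp == EF:
            worst = max(worst, now - arrival)
    return worst

if __name__ == "__main__":
    traffic = make_traffic()
    print(f"FIFO:            {worst_voice_delay(traffic, False) * 1000:.1f} ms")
    print(f"strict priority: {worst_voice_delay(traffic, True) * 1000:.1f} ms")
```

With the burst queued, FIFO holds voice packets behind the whole upload, while strict priority bounds the wait to about one 1500-byte serialization time (8 ms at 1.5 Mbit/s) plus the voice packet's own, with no bandwidth figure configured.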

  • Straeter, as a mod, I can see that you're in the USA, so this is not a cultural difference.  People come here to get and give help.  If you're here to argue or pick fights, you're not a participant in our community.  You're welcome here if you play nicely.  Otherwise, please move on.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm sorry but what does a cultural difference have to do with anything?  I'm asking how to do QoS prioritization.  Sophos UTM does not currently have that option it seems.  Everyone just has workarounds for it.  I was hoping to find a true prioritization option somewhere; but alas, it does not exist.  The only option I got was to buy yet another piece of hardware from Sophos, when I just purchased this one last year because my last one became obsolete.  With QoS prioritization missing, this product does not seem to be ready for commercial use.

    I appreciate the answers that I received, but they're not the answer to the question that I have posed.  Priority queuing has been around in other devices for years.