Internet and SIP provider - route OB traffic

Hi all, first post here. Looking for some guidance in accomplishing the following:

 

XG135 will have two connections to the outside world:

ISP -->WAN (port 2) -> LAN1 192.168.100.x/24

SIP --> port 4 -> LAN2 192.168.0.x/24

 

Q1: since the SIP is essentially a LAN over Internet from the provider - they have supplied (private) IP and GW - is it better to treat port 4 as a LAN connection, or should I see this as a 2nd WAN? Does it even matter?

Q2: depending on the answer to Q1, I need to set up OB routing rules for SMTP traffic coming from the PBX on LAN2 going out to LAN1 (LAN2 only "understands" SIP traffic)

 

Any help on how to tackle this would be greatly appreciated.

 

Thanks for looking.

 

  • Hi  

    By the looks of thing you are doing a double NAT on your main internet connection, Port2.  Is this correct?

    A1: I take it your SIP phones will all connect to a backbone that connects to Port4 on the XG.  If this is the case, you should be fine to set it up either way.  However I would set it up as a WAN connection.  You would also need to disable the SIP helper on the XG otherwise you will have problems with audio.

    You can review the following KB articles for direction:

    https://community.sophos.com/kb/en-us/123523

    https://community.sophos.com/kb/en-us/127785

    A2: You can create a firewall rule to allow traffic between your 2 networks of local LAN and SIP networks and specify SMTP as a service.  The XG has a MTA module as well as a standard SMTP proxy module.  You can choose to go either route, however MTA mode may require further setup and configuration.  To keep it simple, switch to "Legacy Mode" on the email tab. Create the above rule as described.  Now depending on the IP/hostname used in your client's SMTP setup, you would then create a static route on the XG to specify the IP of your SMTP server and interface.  You could also create a policy based route rule on the XG within the same routing tab and use it that way.

    You can review this KB article for any information surrounding the various modes of routing you can do: https://community.sophos.com/kb/en-us/123579

    Thanks!

  • In reply to KingChris:

    Thanks for your response, and for the links. I felt a bit dumb, because right after I posted, with only a bit of searching I came across the link you mentioned re the firewall rules.

    I'll follow the guidelines for the SIP support and configure as needed.