

VoIP Traffic Through Secondary WAN Port

Hi All.

Firstly, thank you for your time to help!

Let me give you a quick breakdown of my network and then I will explain what I am trying to do.

I have an XGS 2100 running on v20 SFOS. I have 2 ISP connections, a primary and a backup. (I have set them like this in WAN-Link Manager.)

I then have a DHCP LAN going to my internal network, which has a couple of VoIP base stations that our VoIP phones connect to.

What I am trying to do is direct the VoIP traffic through the "backup" ISP connection and have the rest of my internet traffic flowing through the "primary" ISP connection.

This is my first time using a Sophos Firewall and I have tried everything I can think of, but to no avail!

I thank you again for your help to help me solve this!

Kindest Regards.

Daniel.



This thread was automatically locked due to age.
  • Hi,

    What have you tried from the link that Erick provided? Linked NAT or SD-WAN?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian.

    I tried the SD-WAN Route.

    I already had a general LAN to WAN, so I created another rule which I called VoIP to WAN 2.  

    I then added the SD-WAN Route VoIP to iUncapped.

    And an SD-WAN Route LAN to WAN.

  • Hi Daniel,

    Can you try using the Link selection setting "Select SD-WAN Profile" and applying it to the correct SD-WAN Profile?

    For reference please see the KB above.

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    If a post solves your question use the 'Verify Answer' link.

  • Please correct me if I am wrong, but the SD-WAN Profile controls which ISP to use based on certain metrics like latency and jitter?
    If this is the case, I'd prefer to have a fixed "Primary" and "Backup" through the WAN Link Manager with a failover.

    The reason for this preference is the connections aren't very stable (the site is rural) and I don't want the SD-WAN Profile switching WAN ports every time there is a latency spike.

    What I can't seem to understand is why doesn't a simple rule and NAT telling the firewall that all traffic coming from and going to these local IP addresses must go through the selected WAN port. Regardless of what the traffic is.

    Again, please correct me if I am wrong and thanks for all the help!