Is there a way to segment off a new interface with a set bandwidth?

Hello all,

I want to segment out our VOIP connection for our provider. Can the UTM create an interface with max DL/UP speeds? Our provider says they have everything configured right, but since moving from DSL to fiber, it has been headache central for users.

At one of our locations we have symmetrical 150/150 Mbps fibre and I'd love to split off the VOIP stuff to their own ETH connection, with 10/10Mbps for their switch but also then bridge our network to theirs as some users tether to deskphones for a LAN connection. They use 198.168.X.X while we are on 10.X.X.X, and presently they do tagging VLAN 10/20 for voice/data.

Present:

ISP 150/150 <===> SG135 <==> W/L  ETH 0/1 <==> Our switches <==> Their switch <==> Their "PBX"

Desired:

ISP 150/150 <==> SG135 <===> W ETH 0 <==> 140/140 OUR LAN 10.x.x.x   (ETH 1 - External IP 75.X.X.2)
                                                                           ^   (Bridged)
                                                                           ^<==> 10/10 Their LAN 192.x.x     (ETH 5 - External IP 75.X.X.10)

TY,

-Dave

  • Hi,

    Thank you for reaching out to the Community! 

    If you have uplink balancing configured, you could configure the multipath rule to send all the VOIP traffic through a specific interface.

    Check out the following KBA for more info: Sophos UTM: Uplink Balancing and Multipath rules

    Thanks,

     

     
    H_Patel

    Community Support Engineer, Support & Services | Sophos Technical Support

  • I don't understand what's where now, Dave.  How about a diagram that shows PBX, phones and other devices with IPs?  What problem are you experiencing that made you want to know how to implement your solution?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hey Bob,

    Let me draw something up for you and I'll post it later today. I have a call in with the VOIP provider today and I want to see what they are going to try and deflect.

  • Let me know if the two drawings help out.

    [Image: Present Config]

    [Image: Proposed]

  • Nice work, Dave.

    I wonder if this isn't more easily addressed simply with Quality of Service and your current topology:

    1. A Bandwidth Pool on the Internal interface guaranteeing 10Mbps to 'Any -> {VoIP & VoIP response Services} -> Any'
    2. A Bandwidth Pool on the External interface guaranteeing 10Mbps to 'Any -> {VoIP & VoIP response Services} -> Any'

    The advantage to this QoS approach is that bandwidth not needed for the VoIP traffic can be used by the other traffic.

    If that doesn't solve your problem, you can "strangle" the non-VoIP traffic with Download Limiting rules:

    1. On the Internal interface, limit 'Any -> {VoIP & VoIP response Services} -> Any' traffic to 1000Mbps
    2. On the Internal interface, limit 'Any -> Any -> Any' traffic to 130Mbps
    3. On the External Interface, limit 'Any -> {VoIP & VoIP response Services} -> Any' traffic to 1000Mbps
    4. On the External Interface, limit 'Any -> Any -> Any' traffic to 130Mbps

    Rules 1 and 3 create, in effect, an "Exception" for VoIP traffic when rules 2 and 4 are applied.

    Does that get you where you want to go?

    Cheers - Bob

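
The difference between the two approaches in the post above (guaranteed Bandwidth Pools versus Download Limiting rules), as an added example that is not part of the original thread and not Sophos code: a simplified Python model using the thread's 150 Mbps link, 10 Mbps guarantee and 130 Mbps cap. The service names, the first-match rule order and the proportional scaling under oversubscription are assumptions.

```python
# Added example: a simplified traffic model, not Sophos UTM's scheduler.
LINK_MBPS = 150                      # symmetrical fibre from the thread
VOIP_SERVICES = {"sip", "rtp"}       # assumed contents of the VoIP service group

def pool_allocation(demand, guarantees, link=LINK_MBPS):
    """Bandwidth pools: serve each class up to its guarantee, then hand
    the spare capacity to classes that still want more (max-min fair)."""
    alloc = {c: min(d, guarantees.get(c, 0)) for c, d in demand.items()}
    spare = link - sum(alloc.values())
    hungry = [c for c in demand if demand[c] > alloc[c]]
    while spare > 1e-9 and hungry:
        share = spare / len(hungry)
        for c in hungry:
            extra = min(share, demand[c] - alloc[c])
            alloc[c] += extra
            spare -= extra
        hungry = [c for c in hungry if demand[c] - alloc[c] > 1e-9]
    return alloc

def matching_limit(service, rules):
    """First rule whose service set matches wins (assumed evaluation order);
    None as the service set means 'Any'."""
    for services, limit in rules:
        if services is None or service in services:
            return limit
    return float("inf")

def limit_allocation(classes, rules, link=LINK_MBPS):
    """Download limiting: clamp each traffic class to its matched rule's cap,
    even when the link is idle; scale down only if still oversubscribed."""
    capped = {name: min(mbps, matching_limit(svc, rules))
              for name, (svc, mbps) in classes.items()}
    total = sum(capped.values())
    scale = min(1.0, link / total) if total else 1.0
    return {name: mbps * scale for name, mbps in capped.items()}

# Rule order from the post: VoIP exception first, then the catch-all.
RULES = [(VOIP_SERVICES, 1000), (None, 130)]

if __name__ == "__main__":
    # Constructed demand: phones idle, bulk traffic wants 200 Mbps.
    print(pool_allocation({"voip": 0, "other": 200}, {"voip": 10}))
    print(limit_allocation({"phones": ("rtp", 0), "bulk": ("http", 200)}, RULES))
```

With the phones idle, the pool model lets other traffic use the full link while the limiting model leaves it capped; reversing `RULES` shows why the VoIP rule must sit above the catch-all.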