Is there a way to segment off a new interface with a set bandwidth?

Hello all,

I want to segment out our VOIP connection for our provider. Can the UTM create an interface with max DL/UP speeds? Our provider says they have everything configured right, but since moving from DSL to fiber, it has been headache central for users.

At one of our locations we have symmetrical 150/150 Mbps fibre and I'd love to split off the VOIP stuff to their own ETH connection, with 10/10Mbps for their switch but also then bridge our network to theirs as some users tether to deskphones for a LAN connection. They use 198.168.X.X while we are on 10.X.X.X, and presently they do tagging VLAN 10/20 for voice/data.

Present:

ISP 150/150 <===> SG135 <==> W/L  ETH 0/1 <==> Our switches <==> Their switch <==> Their "PBX"

Desired:

ISP 150/150 <==> SG135 <===> W ETH 0 <==> 140/140 OUR LAN 10.x.x.x   (ETH 1 - External IP 75.X.X.2)
                                                                           ^   (Bridged)
                                                                           ^ <==> 10/10 Their LAN 192.x.x     (ETH 5 - External IP 75.X.X.10)

TY,

-Dave

  • I don't understand what's where now, Dave.  How about a diagram that shows PBX, phones and other devices with IPs?  What problem are you experiencing that made you want to know how to implement your solution?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Let me know if the two drawings help out.

    [Diagram: Present Config]

    [Diagram: Proposed]

  • Nice work, Dave.

    I wonder if this isn't more easily addressed simply with Quality of Service and your current topology:

    1. A Bandwidth Pool on the Internal interface guaranteeing 10Mbps to 'Any -> {VoIP & VoIP response Services} -> Any'
    2. A Bandwidth Pool on the External interface guaranteeing 10Mbps to 'Any -> {VoIP & VoIP response Services} -> Any'

    The advantage to this QoS approach is that bandwidth not needed for the VoIP traffic can be used by the other traffic.

    If that doesn't solve your problem, you can "strangle" the non-VoIP traffic with Download Limiting rules:

    1. On the Internal interface, limit 'Any -> {VoIP & VoIP response Services} -> Any' traffic to 1000Mbps
    2. On the Internal interface, limit 'Any -> Any -> Any' traffic to 130Mbps
    3. On the External Interface, limit 'Any -> {VoIP & VoIP response Services} -> Any' traffic to 1000Mbps
    4. On the External Interface, limit 'Any -> Any -> Any' traffic to 130Mbps

    Rules 1 and 3 create, in effect, an "Exception" for VoIP traffic when rules 2 and 4 are applied.

    Does that get you where you want to go?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
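The difference between the two options in the reply above (a guaranteed Bandwidth Pool versus Download Limiting), worked through as an added example that is not part of the original thread. It uses a simplified max-min allocation model, which is an assumption and not Sophos UTM's actual scheduler; the function names and demand figures are constructed for illustration.

```python
# Simplified allocation model (an assumption, not Sophos UTM's scheduler):
# each class first receives min(demand, guarantee); spare capacity is then
# shared max-min fairly among classes still wanting more, up to their ceiling.
LINK = 150            # Mbps, the symmetrical fibre link from the thread
INF = float("inf")

def allocate(link, classes):
    """classes: {name: (demand, guarantee, ceiling)} in Mbps -> {name: Mbps}."""
    want = {n: min(d, c) for n, (d, g, c) in classes.items()}
    got = {n: min(want[n], g) for n, (d, g, c) in classes.items()}
    spare = link - sum(got.values())
    if spare < 0:
        raise ValueError("guarantees exceed link capacity")
    hungry = [n for n in classes if want[n] > got[n]]
    while spare > 1e-9 and hungry:
        share = spare / len(hungry)
        for n in hungry:
            extra = min(share, want[n] - got[n])
            got[n] += extra
            spare -= extra
        hungry = [n for n in hungry if want[n] - got[n] > 1e-9]
    return {n: round(v, 3) for n, v in got.items()}

def bandwidth_pool(voip, data):
    """Option 1: 10 Mbps guaranteed to VoIP, nothing capped."""
    return allocate(LINK, {"voip": (voip, 10, INF), "data": (data, 0, INF)})

def download_limit(voip, data):
    """Option 2: VoIP limited to 1000 Mbps, everything else to 130 Mbps."""
    return allocate(LINK, {"voip": (voip, 0, 1000), "data": (data, 0, 130)})

if __name__ == "__main__":
    for voip, data in [(1, 300), (10, 300)]:   # constructed demand figures
        print(voip, data, bandwidth_pool(voip, data), download_limit(voip, data))
```

With the phones nearly idle, the pool lets other traffic use 149 Mbps, while the limit holds it at 130 Mbps and leaves the remainder unused.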