VoIP quality (outbound) poor

Please show pictures of the Edits of your relevant Traffic Selectors, Bandwidth Pools and Download Throttling rules.

Cheers - Bob

Please show pictures of the Edits of your relevant Traffic Selectors, Bandwidth Pools and Download Throttling rules.

Cheers - Bob

I'll post them within a day or two. Client is currently using the old router for the moment and I don't have access to the Sophos.

I think I may have found my issue when I was taking these screenshots....specifically in Bandwidth Pools, I had never noticed the Bound to Interface option. I had originally created the bandwidth pools under the Internal interface. I have since re-created it under External (WAN) as pictured.

It's after hours right now so I won't be able to test this change with the client for another 12 hours. 

I was able to test by calling their main number which goes to a night mode message...and it works!! Hoo-freaking-ray. When listening to the night message, I can enable the 'upper bandwidth limit' and set it to 1kb and the quality goes to absolute shit. I then disable that limit (and have a guaranteed bandwidth of 5024) and get crystal clear quality.

Of course, real test is still tomorrow when the network is seeing normal use but fingers crossed.

In the mean time, let me know what you think of the below. I was going a bit crazy so created multiple traffic selectors to make sure the traffic was being selected.

Looks good!  Just organizing things to get help from others is the fastest way to solve a problem sometimes!

Each Traffic Selector is considered until a match is found, then no others are considered.  An extra one probably makes little difference.  In any case, I would normally put all of the "Engin VoIP" and "VoIP Protocols" into a single Services group.

Cheers - Bob

Bad news - while the VoIP quality is definitely improved. it still goes pear shaped at different times through the day. Outbound quality is still the issue. QoS must be working because I was able to artificially limit the bandwidth available to it and cause the quality to drop massively. 

Their cheap, poor quality ISP supplied modem does a better job with no special settings :(. Any thing else I'm missing?

I will tidy up the service groups, etc.

Intrusion prevention is still disabled and I've added the VoIP systems to an exceptions list to skip anti-flooding checks. Advanced Threat is also disabled.

Keep your eye on the Intrusion Prevention log as VoIP suppliers often aren't completely knowledgeable about their products.  I wouldn't select anything more than 'Anti-DoS/Flooding UDP' in the Exception.

Why do you think the problem is outbound traffic?

Cheers - Bob

I assume it's an outbound issue because my client can hear their customers perfectly fine at all times but the customers have problems with the call quality from my client.

I've made the change to the exception list. I also tidied up my traffic selections and bandwidth pool. 

Traffic selector is now Any > Engin VoIP Group (includes all RTP, SIP, H232, etc) > Any. Bandwidth Pool uses that traffic selector and I've given it even more guaranteed bandwidth now @ 10240kbit/s

What other ports does your voip service use and how are they leaving the UTM?

From their support: 5060-5070 and 16384-20384 with TCP protocol.

But, my firewall rule for VoIP is completely open. Internal Phone System > ANY > VoIP Provider.

I've now changed the QoS to match. Traffic selector now selects Internal Phone System > ANY > VoIP Provider.

In the live firewall log, I'm seeing UDP traffic on port 5060 going from internal phone system to the VoIP provider and being allowed.

a older thread, but check this