We currently have an MX84 on our network with redundant ISPs (a 50\50 fiber and a 50\10 coax) and two VLANs. One VLAN for clients and phones (Same network for backup purposes) and the other VLAN for servers. We have a relatively new VoIP service as well and were having VoIP QoS issues. I was working with the provider to determine why the QoS was so bad and could not determine the issue.
As it happened our Coax went out a few weeks ago and our QoS increased immensely. After some testing I found that the simultaneous connection of the Coax and the fiber is causing the QoS issue. After doing a good amount of research I believe that the issue might be that the firewall requires NAT to ensure that the phones have a solid connection.
I was wondering if users with VoIP and VLANs prefer 1:1 NAT or 1:Many NAT? Is there one that you find works better with VoIP? I am hoping that I do not have to make too many rules for each user.
Any help would be appreciated.
1:1 would be a single WAN IP to a single LAN IP. 1:Many could be a single WAN IP to multiple different LAN IPs as long as they are different ports/protocols. Just keep in mind with two ISPs you may need to create NAT rules for each ISP's WAN IPs. Also, if one of the ISPs/circuits goes down, it will likely interrupt a portion of your VoIP calls no matter what, since those streams would be actively going across one of the circuits and will have to establish over the other circuit.
For that I would use a flow preference.
Security Appliance>Traffic Shaping
There you can set source or destination based rules to prefer a WAN connection. Then it'll only use the other if that WAN connection fails. If you want to get more fancy you can use performance classes on that same page to prefer whichever WAN connection has the lowest latency 😉
I wonder if SIP at Meraki also recognizes RTP or only signaling. If not, you would be better off adding the VoIP subnet to the rule.
Not sure why an email server needs high priority.
What are you doing 1:1 NAT with currently? Did the VoIP provider give you an on-prem device that they are asking you to forward traffic to or something else?
Do you have any traffic shaping rules defined on the MX to ensure voice traffic is given the correct priority?
I am not using NAT currently, and the VoIP provider did not provide any on-premise device, only the VoIP phones that we purchased.
I have set Traffic Shaping Rules making SIP (Voice) a High Priority object with no bandwidth limit and no DSCP Tagging. I have also added our main web page and Mail server as high priority with a limit of 39 Mbps and everything else as normal with 15 Mbps (We have 100 Mbps Fiber).
With the current Traffic Shaping rules we are getting 99% QoS (without the coax connection); this is why I thought it might be a NAT issue.