VoIP Deployment with existing Firewall


I would like to deploy a Balance One at a location with hosted VoIP but leave their current data firewall in place. But I would like to have the phones run through the Balance One for QOS and SIP compatibility. Is there a way to place the data firewall behind the Balance One where that firewall can keep its public static from the ISP and still run a VoIP VLAN through the Balance one for QOS.


Hi gfbflash:

Unfortunately not with a Balance One. You’d need Drop-In Mode functionality which would be one step up from the Balance One, the Balance 210/310. Drop In Mode would allow you to bridge the subnet to the LAN. On the One, since it’s NAT-only, you need to port forward to the internal firewall (which will work without issue, just a bit more configuration needed).


I now have a 310 in Drop-in mode and the other VLANS do not have access to the internet. Is there something I am missing that allows me to run drop-in mode and a VLAN for VoIP on the Balance 310 at the same time?


Hello gfbfalsh,

When deploying in drop-in mode the Balance ends up basically becoming a part of the wire. Any traffic being handled directly by the Balance, in this case the VoIP VLAN that you have deployed, will require a second WAN connection. An advantage to providing a second WAN is that if first WAN (Drop-in mode) goes down, traffic will be routed out over the second WAN.


But at that point if the Non-DIM WAN goes down will the VoIP Fail-over to the DIM WAN?


Hello gfbfalsh,

You would not be able to route the VLAN VoIP traffic over the DIM WAN. For now that feature isn’t supported by our firmware but it does look like it’s on the road map. We don’t have an ETA yet.