VoIP issue with Dual WAN enabled


Seems like we do have a problem with using both WANs, WAN1 and WAN2 (no failover), with VoIP phones.

The sound works, sometimes not, and calls break in the middle. Currently using WAN1 as main and WAN2 as failover, since in such a config all works just fine.

I am pretty sure it's a configuration issue - what am I missing?


I’m not positive but I believe you will need to bind the VOIP traffic to one WAN connection because otherwise packets will get split over both and produce the errors you are experiencing…


We use VoIP with multiple WAN every day. You have to write an outbound rule binding them to one outbound WAN or your results will be unpredictable. We typically use source=any, destination=VoipProvider.com, with Priority algorithm.

If you use multiple providers, or if you don’t want to direct all types of their traffic over one WAN, you could filter by ports. You would need:

source=any, type=udp, port range 5060-5064, destination=any, Priority algorithm
source=any, type=udp, port range 10,000-20,000, destination=any, Priority algorithm


Thank you Don, this is good I believe for balance mode, but for failover mode it's not good. If I have WAN1 down and WAN2 as failover and all traffic will be forced by WAN1 then - tragedy. That rule would be catastrophic. Unless I am missing something here.


That's exactly why I suggest using Priority mode, not Enforced. With WAN1 Priority, if WAN1 is down, traffic will go to WAN2.
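A simplified model of the Priority versus Enforced behaviour discussed above, added here as an illustration and not code from the router vendor or from any poster. The names `Rule`, `voip_rules` and `select_wan` are hypothetical; dropping traffic when an Enforced WAN is down and spreading unmatched flows round-robin are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    proto: str        # "udp", "tcp" or "any"
    ports: range      # destination port range
    algorithm: str    # "priority" or "enforced"
    wan_order: tuple  # preferred WAN first

def voip_rules(algorithm):
    # Port ranges taken from the thread: 5060-5064/udp and 10000-20000/udp.
    return [
        Rule("udp", range(5060, 5065), algorithm, ("WAN1", "WAN2")),
        Rule("udp", range(10000, 20001), algorithm, ("WAN1", "WAN2")),
    ]

def select_wan(rules, proto, dport, healthy, flow_id=0):
    """Return the WAN a new flow leaves on, or None if it has no usable path."""
    for r in rules:  # first matching rule wins
        if r.proto in (proto, "any") and dport in r.ports:
            if r.algorithm == "enforced":
                # Assumption: pinned to the first WAN regardless of its health.
                return r.wan_order[0] if r.wan_order[0] in healthy else None
            # Priority: first healthy WAN in the listed order.
            return next((w for w in r.wan_order if w in healthy), None)
    # No rule matched. Assumption: flows are spread over the healthy WANs.
    up = sorted(healthy)
    return up[flow_id % len(up)] if up else None

if __name__ == "__main__":
    for algo in ("priority", "enforced"):
        for healthy in ({"WAN1", "WAN2"}, {"WAN2"}):
            wan = select_wan(voip_rules(algo), "udp", 5060, healthy)
            print(f"{algo:9} healthy={sorted(healthy)} -> {wan}")
```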


I guess I have to pick both WANs as always ON (Priority 1) and leave independent from BACKUP WAN as not enabled - correct?


Another question is how can I make outbound rules for RDP ports 10000 UDP if these phones are using them - I don't see any RDP protocol when I list all in outbound rules.


I have created outbound rules for Jive VoIP. Attached picture.


There is an HTTPS persistent rule and I wonder if I can do the same thing for that rule, since Comcast Fiber is probably the best route for that.


Your outbound rules are OK, but you don’t need to list those destination networks specifically if you want all outbound SIP to use that WAN. Just list destination ANY instead of the destination network. You still of course need UDP and the port range. You only need 10,000 - 20,000 for RDP. SIP is usually just 5060, but I use 5060-5064 because that's the standard.


I see. Also, regarding HTTPS outbound traffic when using both WANs as ALWAYS ON PRIORITY 1:

There is a default persistent HTTPS rule, but on the TOP I just created HTTPS with the priority algorithm, so should I be OK or just delete the persistent rule?


There is generally no need for HTTPS to be priority to a single WAN. That would mean all outbound https traffic (which is 99% of web browsing) would only use that WAN. Is that your desire?

The default https persistent rule is important to prevent the load balancing system from moving a user’s session from one WAN to another. For example, you log into a secure web site, let's say a bank. The bank’s web site has authenticated your session coming from a specific WAN. Without persistence, the load balancing algorithm could switch the session to another WAN. The bank’s server would see that as a different user and terminate the session. With persistence, the session will stay on a specific WAN for the duration of the session.

Don’t overthink it. The default works well in most applications.


> There is generally no need for HTTPS to be priority to a single WAN. That would mean all outbound https traffic (which is 99% of web browsing) would only use that WAN. Is that your desire?

Yes, I would rather use only WAN1 instead of both for HTTPS.