PIX 501: can it do QoS?

- J
- JSang
  
  Contact options for registered users
posted
19 years ago

Fri, Apr 8, 2005 2:31 AM

I use Vonage as my phone provider and would like to know if I can place the VoIP adapter behind the PIX 501 and use QoS?

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Fri, Apr 8, 2005 2:46 AM

In article , JSang wrote: :I use Vonage as my phone provider and would like to know if I can place the :VoIP adapter behind the PIX 501 and use QoS?

No PIX software release through 6.3(4) supports QoS.

PIX 7.0 apparently supports some QoS (I haven't had time to read that part of the documentation yet), but PIX 7.0 is supported only on the 515, 515E, 525, and 535.

- R
- R Siffredi
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Fri, Apr 8, 2005 4:21 AM

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Fri, Apr 8, 2005 4:25 AM

In article , R Siffredi wrote: :Do any special ports need opened for vonage?

A quick search shows an sample (user-provided) configuration at

formatting link

- R
- R Siffredi
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Fri, Apr 8, 2005 5:27 AM

Searched the forum like you said, however I have ended up with more questions. It seems that I would need to create a static to the phone adpater and then permit these ports. One other post said the fixups should work so you don' have to open ports? Which is correct?

SIP ports 5060 through 5061 using UDP protocol * NTP port 123 using UDP protocol * TFTP port 69 using UDP protocol * DNS port 53 using UDP protocol * RTP ports 10,000 through 20,000 using UDP protocol

Since each firewall may be designed differently, please consult firewall owners manual for further information.

Thanks

- W
- Walter Roberson
  
  Contact options for registered users
Vote on answer
posted
19 years ago

Fri, Apr 8, 2005 11:07 PM

In article , R Siffredi wrote: :Searched the forum like you said, however I have ended up with more :questions. It seems that I would need to create a static to the phone :adpater and then permit these ports. One other post said the fixups :should work so you don' have to open ports? :Which is correct?

Sorry, I have not had any opportunity to work with Vonage or VOIP, so I cannot give an authorative answer. This matters can depend on whether you only make outgoing calls or if your equipment must also accept incoming calls.

: * SIP ports 5060 through 5061 using UDP protocol

I would expect the SIP fixup to take care of that for outgoing calls.

: * NTP port 123 using UDP protocol

I wouldn't have expected VOIP to need a time protocol.... but I have never researched VOIP. NTP by its nature expects a fairly fast response, so outgoing NTP requests should be entirely taken care of by the normal UDP adaptive security. Plausibly though two endpoints need to use NTP to negotiate a timebase so plausibly there is a need for incoming NTP -- if so then I would expect the SIP fixup to take care of this, unless the need were special to Vonage.

: * TFTP port 69 using UDP protocol

I would expect TFTP even less than NTP (but again, that could be my VOIP naivity.) I am having difficulty [in my VOIP ignorance] in thinking of a reason why TFTP might be required.

: * DNS port 53 using UDP protocol

Outgoing DNS is normally entirely taken care of by fixups, provided that the remote system responds within a reasonable amount of time. If the remote system might take more than 30 seconds to respond, then rather than opening a port you might want to increase the UDP timeout.

: * RTP ports 10,000 through 20,000 using UDP protocol

I would expect the SIP fixup to take care of that.