Router Recommendation

Small company, 30 users, the TP-LINK TL-ER6120 we use translates the external 5060 to 25593 or so, so at flowroute, it shows up as 25593, and flowroute is saying not to do this.

Anyone know a decent router, also decently priced, that does not alter the external 5060 port?

OK, well…anyone used pfSense successfuuly with freePBX?

For the small satellite offices the Cisco 5505 works well for our company.

The Juniper SSG5 is a router firewall that runs the same software as the larger Enterprise stuff.

That particular model is End of Sale this year so lots of good deals on them new and reconditioned.

Schmooze runs the FreePBX and Schmooze infrastructure on Juniper. It’s solid as a rock.


Yep, that’s the one. Good price for a new one.

YES - -

Been using it for years, latest release 2.1 is just out. This is a great solution for FreePBX and Asterisk ISOs in general… 2.1 Release announcement –

My 2 cents is not a fan of software based firewalls. ASIC based single purpose devices are more reliable and faster, IMHO.

Their whole network id gigabit, any recommendation on a gigabit capable juniper?

Why do you need a Gig router? Is the Internet connection faster than 100 Meg? Will you be routing traffic between LANs at Gig speed? If no than you really don’t need a Gig router because once you leave the local LAN segment the speeds are not Gig.

I am not saying you shouldn’t use a Gig router but you probably will not see any real difference in speed with a 100 Meg vs. Gig and the Gig will cost more.

Internally it is giga up through the current router, all LAN is giga capable, but if it really makes no difference, then I am ok with it, as the price certainly seems reasonable. Is there a way on the network to separate out voice from data, then I could just route everything out their 2nd isp provider and try to keep voice and data separated.

You can use VLANs to separate the voice and data traffic.

It would make no difference as long as your Internet speed is not over 100M.

If you intend to put your servers in a DMZ and let the Juniper route from the DMZ to your trusted LAN then you need the Gig port and in the case you want an SSG320

These are design assumptions we can assume to answer your questions.

Lastly, if you have a managed, VLAN capable switch, you should run a Voice VLAN. However you would not apply the QoS to the VLAN. QoS goes in a policy so RTP traffic (voice bearer) gets prioritized on the Untrust LAN connection.

If you would like this professionally setup I can do it for you remotely.

The switch is a netgear GS724Tv3. I will order the 100mbit juniper router. No DMZ.

The desktop computers all have giga adapters and use unmanaged giga switches for data, and the ip phones also plug into those switches, but they each share a single cable through the walls back to the netgear switch. There is no way to add more wiring through the ceiling and walls to truly separate them.

So I assume you can create the vlan’s and still separate the voice versus data at the switch?

Then I could either route the data through Time Warner via the current TP-LINK TL-ER6120, and route the voice through the other ISP, possible? Or just use the juniper for both voice and data?

I would certainly consider professional remote installation depending on price.

In any case, thanks for all the support.

You could have dual Internet feeds and use one for voice.

I don’t know enough about your network to know if you have issues on the LAN. You can’t run VLAN’s via unmanaged switched.

all the small unmanaged switches feed into the managed switch, that ok?

on plane, gotta run.

No, not OK at all. 802.1q tagging, how VLAN’s are implemented is implemented at the switchport level. It can’t be spanned.

I should bypass vlan altogether, just get another switch and juniper and build a 2nd network, assuming I can run wire for the phones, which may not be so possible. Nothing is easy :slight_smile:

I ordered the SSG5, it will be here Friday, in the meantime, using a EA4500 as a temporary measure. I run the phone and the computer hosting FreePBX through an unmanaged switch. I also ordered another smart switch. I set up a separate network, independent of the data network. I set up one phone for a user, to see how it all goes. T38 is working, voice is working, the only complaint is she says it sounds like she is talking ‘underwater’, or ‘in a drum’. Any ideas how to mitigate that? Thanks. She is currently the only one of the network, The hine is a T22P Yealink.

Can anyone send me the ‘best settings’ or a sample set for VOIP on the SSG5, maybe some scren shots…? Thanks