Firewall Bandwidth Standards for VoIP

Typically, a voice over-ip-phone call will use less then 120kb. So if you might have, at most, have 10 people on the call in an office at the same time, you should have more than 1200kb, or 1.2M available at all times. Just to be sure, you could have 1M overhead beyond what is needed. So 2.2M available at all times. In firewalls that are connected to the wan ip address provided by an internet service provider, traffic shaping can be set up. All non-voip data should be limited to 2.2M under the maximum bandwidth provided by the ISP. So if you have 100M download and 20M upload, the firewall should be configured to limit all non-voip traffic to 97.8M Down and 17.8M up. To keep the numbers rounded and give a little extra overhead just in case, you could say 97M down and 17M up. Additionally, the total download and upload bandwidth of the firewall should be monitored so that if any voip issues are encountered (static on the lines or dropped calls) then graphs can be checked to verify if it occurred at a time of maxed out bandwidth, in which case the traffic shaping setup will have to be verified. Perhaps not all non-voip data was accounted for and restricted to 97M, or perhaps voip calls are taking up more bandwidth than expected.

It should be noted that most bandwidth monitoring tools, including the tools included with the firewall, will not be precise enough to show if the circuit is maxed because they will take an average of the data over 30 seconds. So the graph might show total bandwidth was under max, however there may have been instances when it was maxed. For example, in a 30 second period you could have 80% 80% 80% 0% 100% 40% (assuming the tool checks every 5 seconds) bandwidth and it would average those numbers and you wouldn’t see the 100% where there was not enough bandwidth to go around. So if the firewall can’t check at least every 5 seconds and not average it, then a separate tool would need to be used. Also ping is really good for this because if the firewall wan ip is pinged every second then even if the circuit is maxed for a few seconds you will see the drops and know it was probably maxed at that time and then the firewall traffic shaping rules need to be checked.

Once this is set up, there should be far fewer instances of problems with phone calls.