I use Vonage and have the device connected to a LAN port on my Z100G. I have occasional voice drops when using the phone due to firewall blocks on the Z100G. I know that rules can be set for port forwarding. However, I would like to set the Vonage device in front of the Z100G so that no firewall activity is possible on the phone. I have tried this configuration as: Cable modem >> Vonage Device >> Z100G. When I set it up this way, the phone works and I have no internet connection on the Z100G.

Has anyone successfully done this configuration and if so, how?

This is how I have my Vonage Device configured. Cable modem >> Vonage Device >> Z100G. Don't forget to modify the wan port setting on the Z100g to DHCP instead of Cable Modem.

I tried that with limited success. I set my WAN port to LAN, DHCP and noting would connect. I changed my Z100G LAN and WLAN DHCP setting as Relay and I did show internet connectivity, yet could not connect to the internet. Must be a small setting I'm overlooking ?

I do remember that I had to disconnect and reconnect as it would connect but not find the dns server so it would not resolve any names!

BTW I have removed my z100g as it had gone bursty and testing my connection to dslreports I was getting a very bursty 2 or 3 MB upload and my ISP connection is 16Mb. Removing the z100g, going straight through the cable modem I get 11MBs and not bursty! Replacing the z100g with my old Belkin wireless I get the same as going direct. Just keep an eye on the bandwidth.

If you have the a Motorola vt1000 vonage box as I do you can try the following. Just had a thought, you could put a static address on the z100g wan port of 192.168.102.102 mask 255.255.255.0 Gateway 192.168.102.1 and DNS you will have to get from the vonage box just open a browser to 192.168.102.1. This will also work if you have a different adapter and can find the IP information.
Good luck. Keep trying it does work and you get much better reception on the phone.

Well shoot. It just doesn't work at all that way. I tired what you suggested and what Vonage tech support suggested. Phone works and I have no internet connectivity.

Hmm.
OK. With the vonage box between the cable modem and the z100g (dhcp assigned) can you do the following?
1. I assume you have a pc connected to the LAN of the Z100g. Open a command (DOS) window (start/run/cmd & enter) and type the command >ipconfig/all and tell me what you get for the following?
2. IP address?
3. Subnet mask?
4. Default Gateway?
5. DNS Servers?

If you have addresses registered against the DNS server type >nslookup ibm.com Let me know what happens?

What is the Network address assigned to the WAN port on the z100g?

I think that my main problem in using this configuration is that I am using one of the newer Vonage devices, the V-Portal. It has a firewall of it's own. So, I am dealing with two firewalls when the V-Portal is connected as the primary device, meaning between my cable modem and router. I have been able to show connectivity on the Z100G when it's configured the way you suggest. However, there is no internet connectivity and I'm guessing that the V-Portal has to be configured to have ports forwarded. Such as http protocol on port 80. There is a setting on te V-Portal to act as DMZ host. For what I understand, that is a wildcard forwarding of all protocols and ports. I tried that yesterday and it still didn't work. I think thta' because I still don't have the V-Portal DMZ setting correct. There is no option on th eV-Portal to just trun ff the firewall as I would like to do. So, I'm going to have to research the DMZ option a bit more.

I have configured my Vonage V-Portal as a DMZ host. I now have both internet and service center connectivity. However, traffic is still being blocked. Sofaware knowledge base says that a custom rule need to be created and to consult the safe@office user's guide. I did that and the info for creating this type of custom rule is almost non-exsistant. So, I'm almost there. I just need out figure out how the rule should look and all should work.

Dang ....
I just ordered Vonage service and THEN read this forum... I like the idea of the features of the V-Portal, but did not think about interference with the Z100G until AFTER I placed the order...

When you say DMZ host you mean that the Vonage V-Portal is "behind" the Z100G and configured in the Z100G as a DMZ host yes?

Did you find the documentation by chance to finish setting this up? I'm hoping you can share... look like the last post was over a month ago...

Does a DMZ host use up one of the licensed connections... that's the OTHER thing I just started thinking about .... ;-/

Jim

Jim,

I was having voice quality issues with my Vonage service (actually still am). I wanted to put the Vonage V-Portal before the Z100G so that Voip traffic would, in theory, have priority over all other data, thus giving the best Voip sound quality. I have been able to get the V-Portal to work in front of the Z100g, but through troubleshooting tools such as www.speedtest.net, ping, and traceroute, I've determined that my sound quality issues are with my ISP, Comcast. My inital opinion is that there is very little difference sound quality wise between having the V-Portal in front of the Z100g or as connected behind the Z100g as a LAN device.

As far as setting the V-Portal as DMZ host, I do not know whether that needs to be done. I do not understand enough about what DMZ is. My initial impression is that it totally defeats the device firewall, which is what I wanted for the V-Portal. Obviously, I only need 1 firewall and the Z100g's is all I need. I tried the V-Portal with and without DMZ host enabled and I think there was no difference. As far as licenses, I have no idea.

I do have instructions from SofaWare support on how to create a custom rule when a DMZ host device is installed ahead of the Z100g. Let me know if you need them.

Regards,

Dano

Thanks Dano!

If it works as good behind the firewall I'd just put it there unless it would burn up one of my very valuable 5 licenses!

I have one of the older Vongage boxes working at my church behind the Z100G with not special settings or rules at all it just worked "out of the box".

But if you would not mind, could you post the rules that tech. support gave you?

I'll post back once I get mine and let everybody know how it worked out... I would be VERY pleased if a DMZ connection did not suck up to a license.

Jim

PS: I have heard rumor that the some ISPs intentionally screw around with 3rd party VoIP traffic in order to make their own offerings look better.... I do not know if this is actually true or not....

Jim,

This is the chat transcript I had with SofaWare on configuring the Z100g to sit behind the Vonage V-Portal when it is configured as DMZ host:

Dan: Hi I got this response from Inbal on my question about DMZ rules:
Dan: You can create rules under security, rules tab, by adding rule. For example, service is the one you want, source should be the DMZ host, destination the Z100. If you want the traffic from it to be forwarded to a specific computer behind the Z100, you can also add allow and forward rule.
Marina: ok
Marina: what was the question?
Dan: My question is: Allow ANY service From My already defined network object (Voip device) to the Z100G. But, is the Z100g as destination the one called 'This gateway'?
Dan: So, if I do this, I should get all internet traffic in / out?
Marina: is the VOIP network object has a static external IP?
Dan: Yes
Marina: then you configure static NAT in the network object... correct?
Dan: I don't know if I've ever set static NAT. I have set the MAC address of the Voip devcie. Let me look at static NAT
Dan: For static NAT, it want's an external IP. What do I use?
Marina: you said you have a fixed external IP for the VOIP... correct?
Dan: Well, I've set the Voip DMZ IP as 192.168.15.254. Is that what you mean?
Marina: no
Marina: that is the IP that is assigned by the appliance
Dan: The standard IP for the Voip device is 192.168.15.1
Marina: did you purchase from your ISP another external IP?
Dan: No, I didn't. I don't know what that does
Marina: then you need to create the following rule:
Marina: ALLOW AND FORWARD
Marina: source: ANY
Marina: destination: THIS GATEWAY (you will see this expression in the settings)
Marina: forward to : the network object of the VOIP
Dan: OK . What about the static NAT setting on the Voip network object?
Marina: you don;t have a static external IP so you cannot use static NAT
Marina: just create the rule as i told you and it should be fine
Dan: OK I'll give it a try. Thanks for your help

Dano

Dano:

THANKS very much for posting this!

My V-portal should show up today, so very timely ;-)

I'll post back the results of my experiments.

I'd like to get V8.x of the firmware installed first, just to reduce risk that I'll have to re-do stuff after the upgrade.... but not sure how to get the new stuff at this point.

Also, if I can do it, I'd prefer to put the V-portal behind the Z100G in the DMZ if that does not consume a license as I think that would be more stable/reliable than trying to have the V-portal "pass thru" all traffic for everything else on my network.

I'll have to work with it!

Thanks!
Jim

Talking to tech. support they say the Z100G does not have a DMZ option and that any device that accesses the internet via the Z100G would use a license, so I guess if I want to try to avoid having the V-portal consume a license I'll have to try to set it up in front of the Z100G in pass-thru mode.......... sigh... more work for me....

I meant to post this much earlier but ... I keep getting distracted... Anyway, my Vonage V-Portal has been installed for a while now, and seems to be happily co-existing with the Z100G as follows:

Sofaware said that no matter how I configured the "details" of the V-Portal it WOULD consume a Z100G license if it was placed "behind" the firewall - this was not good for me as I am already using all of my licenses. (I wish ZA would let me buy 5 more licenses for $50 but that's another story....) Ok so ... based on this I decided to try to put the Vonage box in front of the Z100G as a pass-thru device. I got it working by doing the following:

1) On the vonage box I went to the config page http://v-configure.com/ and set is as follows:

Made it a DHCP server (just in case I ever wanted to connect to the box "directly").
Assigned IP of 192.168.15.1 to the V-portal
and DHCP range of 192.168.15.2 - .99

Under "ADVANCED config" on the V-Portal I:
Set a DMZ Host of 192.168.15.100

Under "Advanced Network Options" left everything alone, not thinking anything needed tweeking - my settings are:

WAN blocking, IPSec PassThru, PPTP Passthru all - enabled

Remote Config mgmt, UPnP, SSH - Disabled


Ok so now on the Z100G I set it up as follows:

(this is under 7.xx firmware - my firmware has been upgraded to 8.xx and still works fine).

WAN Port of Z100G:
connection type: LAN

Use hard coded IP: 192.168.15.100
this is the IP set as DMZ on the vonage box)

Subnet: 255.255.255.0

Default Gateway: 192.168.15.1
(this is the IP I assigned to the LAN port of the Vongage box)

Name servers:
Interestingly I could NOT figure out how to have the Z100G fetch the DNS servers from the vonage box as that seems to be an option ONLY if the Z100G is obtaining its IP automatically (at least under V7.xx firmwar) so I had to hard code the primary & secondary DNS values my ISP give out. No big deal unless they change for some reason.

I really did not expect this setup to work, but it has been working without issues for some time now and does not appear to impact throughput.

Comments welcome!

Thanks,
Jim



2)