TPG Community

Get online support

Placing Archer VR1600V Behind a firewall

woodsey
Level 3

Hi,

 

I want to use Kerio Control as my primary internet firewall.

My Kerio Control will have two LAN NIcs, 1 to my 24Port switch switch servicing all my wired devices (including a wifi access point) and one to the Archer which I will turn off the wifi services, port forwarding/triggering etc and simply have to allow the ATA4 devices to access the voip services.

 

Can I connect Kerio COntrol to the NBN (FTTC) unit with the same login and type (PPPoE) as the Archer then reconfigure the Archer to NOT try and login and then route all SIP services from the Kerio Control to the Archer VR1600?

I am not using a voip phone into the Archer but am using 2 x ATA4 devices connected to LAN ports on the Archer which I would still like to continue to do but I want to have more granular control over my firewall.

 

Connecting Kerio Control to the Archer is not so simple unless I change lots of IP addresses because the Kerio Control WAN port can not be in the same IP scope as the LAN ports.

 

2 REPLIES 2
BasilDV
Moderator

Hi @woodsey

 

You may use any third party device as long as it is compatible to the NBN technology and can complete the requirements needed for it to be configured.

 

You may check the post of one of our NBN FTTC customers who successfully configured his own third party device. Steps I used to connect Ubiquiti EdgeRouterX to TPG NBN FTTC

 

BasilDV

woodsey
Level 3

Thanks for that.

The only issue with his setup is that he does not mention any Voip/SIP issues. Because of that I am assumming he does not need/use Voip.

For us, the Archer has the hidden configuration for SIP connection/translation etc. It then broadcasts this out to the four LAN ports (two of which are connected to ATA4 devices to give me FXS inputs to our phone system.

Unfortunately, this appears to be the only option for us as we were advised that we could not be provisioned 6 real SIP trunks to go directly into the SIP interfaces on the PBX but had to convert to FXS.

The third LAN port (connection to the LAN switch) means that because the Voip traffic is being broadcast out, not only do the two ATA4 devices receive all Voip traffic (dropping that traffic not intended for them) but also goes into the LAN switch where and is then dutifully ignored by all our LAN devices.

What I am trying to do is use the Kerio Control software to route all Voip/SIP traffic to the IP address of the Archer and any other traffic to the LAN, reducing the congestion on the LAN.

Currenlty I can easily place the Kerio Control box on the Archer but when I try the reverse the Archer is not happy to be the second device (even though it is receiving the exact same traffic).

 

I will sort it one day :-)