RingCentral Meraki MX64 User manual
Meraki MX64 Firewall/Router
QoS Configuration Guide
QoS Configuration Guide | Meraki MX64 | Contents
2
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Performance and Capacities . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Configure Your Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Meraki MX64 Firewall Configuration . . . . . . . . . . . . . . . . . . . . . . 4
Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Test Your Connection Capacity . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Supported Browsers for Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Test Your Connection Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Ports and Firewalls Settings for RingCentral VoIP Service . . . . . . . . . . . . . 11
3
QoS Configuration Guide | Meraki MX64 | Introduction
Introduction
The Meraki MX64 Security Appliance is ideal for organizations
considering a Unified Threat Management (UTM) solution, for
distributed sites, campuses or datacenter VPN concentration.
Since the MX64 is 100% cloud managed, installation and remote
management is simple. The MX64 has a comprehensive suite of
network services, eliminating the need for multiple appliances.
These services include SD-WAN capabilities, application-based
firewalling, content filtering, web search filtering, SNORT® based
intrusion detection and prevention, Cisco Advanced Malware
Protection (AMP), web caching, 4G cellular failover and more. Auto
VPN and SD-WAN features are available on our hardware and
virtual appliances, configurable in Amazon Web Services.
Key Security Features
Stateful firewall
Auto VPN™ self-configuring site-to-site VPN
Active Directory integration
Identity-based policies
Client VPN (IPsec)
3G / 4G failover via USB modem
Layer 7 application visibility and traffic shaping
Application prioritization
Content filtering
Google SafeSearch and YouTube for Schools
Intrusion detection & prevention (IDS/IPS)
Advanced Malware Protection (AMP)
Cisco Threat Grid2
Performance and Capacities
Ideal for small size businesses
Recommended user count —50
Max throughput, all security —200 Mbps
Max connections —100,000
Max connections per second —5000
Max VPN throughput —100 Mbps
Max concurrent VPN tunnels —50
Max AV throughput —250 Mbps
Max concurrent VPN tunnels —50
WAN Interfaces —2 x GbE RJ45
1 x USB (cellular failover)
LAN Interfaces Fixed —4 x GbE RJ45
Note:
The firewalls recommended here are quality hardware that we
have tested internally and work reliably with our services.
However, given the constantly updated firmware and physical
changes made by manufacturers and the nature of cloud-based
services, RingCentral cannot control the final configuration of
the hardware or your computer systems/networks, or promise
that any given firewall will work with your system, or guarantee
that our information is 100% up to date.
This document is intended to be used as a guide to assist in
customer network configuration.
These settings have been tested within the RingCentral Tier 3
Lab, and have been proven to increase the QoS per lab
requirements.
4
QoS Configuration Guide | Meraki MX64 | Configure Your Firewall
Configure Your Firewall
Meraki MX64 Firewall Configuration
Brand: Cisco
Model: MX64
Firmware version: 12.26
2. Select Security Appliance. (Figure 1)
To review the Quick Start Guide for the Meraki click here. See the Meraki Installation Guide here.
1. Log into the Meraki Cloud interface..
Figure 1
3. Select Firewall (Figure 2A) and Include the 7 RingCentral Supernets per the: RingCentral Recommendations and Requirements Document.
5
QoS Configuration Guide | Meraki MX64 | Configure Your Firewall
Figure 2A
Figure 2B
6
QoS Configuration Guide | Meraki MX64 | Configure Your Firewall
4. Go Back into Security Appliance and select Traffic Shaping. (Figure 3)
Figure 3
7
QoS Configuration Guide | Meraki MX64 | Configure Your Firewall
5. Set the Uplink configuration for the bandwidth which your circuit is providing for each WAN link. (Example circuit 5 Mbps and no WAN 2 or
Cellular.) (Figure 4)
Figure 4
If utilizing WAN2 and Cellular assure the devices are utilizing only one Network on one subnet and you are not load balancing or
traversing between Wired and/or Cellular Networks.
8
QoS Configuration Guide | Meraki MX64 | Configure Your Firewall
7. Set a Traffic shaping rule: (Figure 6)
a) Rule #1.
i. Set bandwidth management (BWM) for the RingCentral Supernets.
ii. Bandwidth limit set to “Ignore network per-client (unlimited).
iii. Priority set to “High”.
iv. DSP tagging set to “46 (EF - Expedited Forwarding, Voice).
6. Under Global bandwidth limits set your per-client limit. (With our 5 Mbps circuit we are allowing 2 Mbps per client with a burst if needed.)
(Figure 5)
Figure 5
Figure 6
9
QoS Configuration Guide | Meraki MX64 | Quality of Service
Quality of Service
RingCentral provides reliable, high-quality voice service. Your local
network, internet connection, and your router all contribute to overall call
quality, with sufficient dedicated bandwidth to voice calls being the biggest
factor. To help you manage your call quality, RingCentral offers tools to
check your internet connection speed, and instructions to configure the
Quality of Service (QoS) settings of your routers.
The QoS settings on your router enable it to give priority to real-time voice
traffic over lower-priority data traffic, such as large downloads. This
document provides recommended configuration settings to ensure the
highest-possible QoS experience on the Meraki MX64 Firewall/Router.
Please reference the relevant TCP/UDP settings on the Ports and Firewalls
table to complete the recommended setup.
Supported Browsers for Test
Internet Explorer®11 or higher (Windows®XP, 7, 8 or higher)
Firefox®version 36 or higher (Windows and Mac®)
Safari version 6.2 or higher (Mac)
Note:
The routers recommended here are quality hardware that we
have tested internally and work reliably with our services.
However, given the constantly updated firmware and physical
changes made by manufacturers and the nature of cloud-based
services, RingCentral cannot control the final configuration of
the hardware or your computer systems/networks, or promise
that any given router will work with your system, or guarantee
that our information is 100% up to date.
Test Your Connection Capacity
The RingCentral Connection Capacity test will help determine the maximum
number of simultaneous RingCentral calls that can be supported on your
broadband connection. Run this test during normal business hours when the
connection is in use by other applications, including large file downloads.
The capacity test should be run using the maximum number of simultaneous
call connections needed, and should use the G.711 codec selection.
Specific requirements for QoS:
Bandwidth—100 Kbps up and down per call
Latency (one-way)—less than 150 ms
Jitter—not to exceed 100 ms
Packet loss—less than 3%
These requirements are the foundation for ensuring your local network can
support satisfactory VoIP. Failure to meet these requirements will result in
poor voice quality.
When the test completes, you will see the recommended number of
simultaneous calls your connection can support while maintaining good quality
voice calls.
10
QoS Configuration Guide | Meraki MX64 | Quality of Service
Test Your Connection Quality
RingCentral provides a VoIP Quality test that will simulate VoIP calls
between your computer and RingCentral, and provide an estimate of
the voice quality you should expect when using our service. For the
most accurate results, run this test at least three different times
throughout a business day, and during peak usage times, while
connected to the network that you plan to use for RingCentral.
A two-minute test is typically sufficient, while longer tests are useful
to find intermittent problems or to simultaneously test VoIP
performance along with other traffic, such as file transfers or remote
access.
Select the maximum number of simultaneous users you expect to
support, and set the test duration between 1 and 5 minutes; 2
minutes is considered sufficient in most instances.
Click jitter and packet loss on the RESULTS SUMMARY panel to view
the overall quality of your expected VoIP connection.
MOS score (Mean Opinion Score) refers to a test that has been used
for decades in telephony networks to obtain the human user's view of
the quality of the network. The MOS is the arithmetic mean of all the
individual scores, and can range from 1 (worst) to 5 (best). A MOS
score of 4 is good.
11
QoS Configuration Guide | Meraki MX64 | Ports and Firewalls Settings for RingCentral VoIP Service
©2018 RingCentral, Inc. All rights reserved. RingCentral and the RingCentral logo are registered trademarks of RingCentral, Inc. Other third-party marks and logos displayed
in this document are the trademarks of their respective owners.
Ports and Firewalls Settings for RingCentral VoIP Service
Please see RingCentral Ports and Firewalls reference link for the required TCP/UDP ports that need to be opened for RingCentral devices to
work. Categories are:
Device Type
Protocol
Source Port—Customer Side
Destination Port—RingCentral Side
Also see information on Port Triggering on the referenced page.
KID-11610
Table of contents
