🚀 Configure QoS for VoIP on pfSense (IP Phone Priority Setup)

In modern business environments, voice and video communication are critical. Without proper traffic control, applications like VoIP, Microsoft Teams, or Zoom can easily suffer from lag or jitter—especially when bandwidth is congested.

In this guide, you’ll learn how to configure VoIP on pfSense using QoS (Traffic Shaper) to prioritize critical traffic and ensure stable communication across your network.

📊 1. Overview

pfSense provides a built-in wizard to configure QoS بسهولة:

👉 Navigate to:
Firewall → Traffic Shaper → Wizard

You should use QoS when handling:

• VoIP priority

• Gaming priority

• Multi-class QoS environments

🔍 Example Scenario

Company bandwidth: 100 Mbps

Traffic includes:

• Microsoft Teams meetings

• VoIP calls

• Web browsing

• File downloads

• YouTube streaming

Without QoS:

❌ One user downloads a large ISO file → consumes all bandwidth
❌ Teams meetings start lagging
❌ VoIP calls become unstable

With Traffic Shaper:

✔ VoIP / Teams → HIGH priority
✔ Web → Normal priority
✔ Downloads → Low priority

➡ When bandwidth is congested, VoIP traffic always goes first while downloads are throttled.

🏢 Typical Business Priority Model

• VoIP SIP → High priority

• Teams Voice → High priority

• Zoom → High priority

• RDP → Medium priority

• Web → Normal priority

• Torrent → Low priority

⚙️ 2. Wizard Configuration

🔹 Step 1: Create QoS with Wizard

For a simple setup (1 LAN, 1 WAN):

• Set WAN = 1

• Set LAN = 1 → Click Next

PRIQ is selected by default:
➡ A priority-based scheduler suitable for VoIP and real-time traffic.

📥 Bandwidth Configuration

• Enter 90–95% of actual bandwidth

Example:

• Actual: 100 Mbps

• Configure: 90 Mbps

💡 This ensures pfSense controls the queue effectively. If ISP bandwidth exceeds configured values, QoS may not work correctly.

⚙️ Default Profile

Generic (lowdelay) is optimized for:

• SIP

• RTP

• Audio/video calls

➡ No changes required.

☎️ Upstream SIP Server

Only configure if you have:

• SIP Trunk

• PBX server IP

• Specific VoIP provider

📦 Additional Wizard Sections

• Penalty Box
  Used to throttle bandwidth for specific IPs consuming too much traffic

• Peer-to-Peer Networking
  Limits torrent/file sharing traffic (often unnecessary in modern setups)

• Network Games
  Prioritizes gaming traffic (rarely used in business environments)

• Raise or Lower Other Applications
  Uses outdated port-based detection → typically skipped

🔹 Step 2: Check QoS Functionality

Queue definitions:

• qVoIP → Highest priority

• qACK → TCP acknowledgments

• qDefault → Normal traffic

• qLink → Root queue

⚠️ Important:
Queues do NOT work automatically. You must assign them in firewall rules.

Example:

• LAN → Pass → Any

• Queue: qDefault / qVoIP

🔹 Step 3: Disable Default Rule

Default rule behavior:

• Prioritizes all UDP traffic as VoIP

❌ Problem:
UDP includes:

• Teams

• Zoom

• Games

• QUIC (Google/YouTube)

• DNS

➡ This breaks QoS logic completely.

✔ Best practice:
Disable this rule.

🎯 3. Apply QoS to Ports (Easiest Method)

📞 3.1 Apply QoS to VoIP

Example IP Phone ports:

• SIP: 5060, 5061/UDP

• RTP: 10000–20000/UDP

👉 Navigate to:
Firewall → Rules → LAN

Add rule:

• Protocol: UDP

• Source: LAN net

• Destination: Any or PBX server

• Port: 5060, 5061

• Advanced → Queue: qVoIP

💬 3.2 Apply QoS to Applications (Microsoft Teams)

Microsoft Teams uses UDP ports:

• 3478

• 3479

• 3480

• 3481

🔸 Step 1: Create Aliases

👉 Go to:
Firewall → Aliases → Ports

Create:

• Name: TEAMS_PORT

• Ports: 3478, 3479, 3480, 3481

🔸 Step 2: Create Priority Rule

👉 Navigate to:
Firewall → Rules → LAN

Add rule:

• Protocol: UDP

• Source: LAN net

• Destination: any

• Destination port: TEAMS_PORT

• Advanced → Queue: qVoIP

🔸 Step 3: Move Rule to Top

⚠️ Very important:

Rule order:

1. Teams UDP → qVoIP

2. Default LAN rule

🌐 4. Apply QoS by IP Address (Advanced)

Microsoft publishes official IP ranges:

• 52.112.0.0/14

• 52.120.0.0/14

👉 Create rule:

• Source: LAN

• Destination: Microsoft Teams IP range

• Queue: qVoIP

🎯 Final Thoughts

Configuring VoIP on pfSense with QoS is essential for maintaining call quality in busy networks. By prioritizing voice and real-time traffic, you ensure stable communication even under heavy load.

With the steps in this guide, you can:

• Eliminate VoIP lag and jitter

• Optimize bandwidth usage

• Build a professional QoS system for your network

Whether you’re managing a small office or a larger enterprise system, proper QoS configuration will significantly improve user experience and network reliability.