I've got an issue where the SonicWall TZ 215 will max it's connections and become unresponsive within a 24 hour period. Looking at the Diagnostics > connection monitor, we see that it is a buildup of VoIP phone client connections with the following:
SrcIP = Phone client (remote location)
Src Port: 5060
Dst Port: 0
Src Iface: X1
Dst Iface: X1
Flow Type: SIP Control
IPS Cat: N/A
Expiry, Tx Bytes, Rx Bytes, Tx Pkts, and Rx Pkts : all = 0
when attempts to Flush, status returns: Not Found
The main site has the public WAN interface and 3 LAN interfaces. 1 for the local DATA, 1 for the Phone System and 1 for connectivity to the remote sites. The remote sites are on physically separated hardware with a routed connection provided by the ISP. There is no public access from remote sites without going through the main site. All VoIP clients are at remote sites. The Phone system is NEC and has it's own hardwired connection for voice so no VoIP traffic should go through the (X1) WAN/untrusted interface.
As you might can tell, I'm not a phone guy. ISP tech support and SonicWall tech support have escalated the tickets, but for over a week now have not been able to come up with any solutions. I'm running out of brilliant ideas and could use a fresh take so please weigh in.
Has anyone seen this before? Any idea where to look or what to look for?