Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1291
  • Last Modified:

SonicWall TZ 215 Max connections reached in 24 hours

I've got an issue where the SonicWall TZ 215 will max it's connections and become unresponsive within a 24 hour period. Looking at the Diagnostics > connection monitor, we see that it is a buildup of VoIP phone client connections with the following:
SrcIP = Phone client (remote location)
Src Port: 5060
DstIP 0.0.0.0
Dst Port: 0
Protocol: UDP
Src Iface: X1
Dst Iface: X1
Flow Type: SIP Control
IPS Cat: N/A
Expiry, Tx Bytes, Rx Bytes, Tx Pkts, and Rx Pkts : all = 0

when attempts to Flush, status returns: Not Found

The main site has the public WAN interface and 3 LAN interfaces. 1 for the local DATA, 1 for the Phone System and 1 for connectivity to the remote sites. The remote sites are on physically separated hardware with a routed connection provided by the ISP. There is no public access from remote sites without going through the main site. All VoIP clients are at remote sites. The Phone system is NEC and has it's own hardwired connection for voice so no VoIP traffic should go through the (X1) WAN/untrusted interface.

As you might can tell, I'm not a phone guy. ISP tech support and SonicWall tech support have escalated the tickets, but for over a week now have not been able to come up with any solutions. I'm running out of brilliant ideas and could use a fresh take so please weigh in.

Has anyone seen this before? Any idea where to look or what to look for?

Thanks.
0
synetron
Asked:
synetron
  • 2
1 Solution
 
btanExec ConsultantCommented:
was wondering if it is sort of port exhaustion or something to do with outbound NAT since  SIP and SDP may use multiple ports to set up a connection. Saw this

http://biztechstore.com/blog/?p=191
http://www.voipmechanic.com/sonicwall-voip.htm

More on Sonicwall VoIP setting
http://help.mysonicwall.com/sw/eng/305/ui2/23200/VoIP/Settings.htm
0
 
TimotiStDatacenter TechnicianCommented:
A small diagram would be nice, just to make sure we understand what goes where... :)

Tamas
0
 
synetronAuthor Commented:
I'll try and whip that up.
0
 
synetronAuthor Commented:
without any SIP communication on the WAN port, the VoIP>Settings - Enable SIP Transformations was linking every SIP control packet to the WAN port creating it's own DOS attack.

Found it following the bread crumbs from http://help.mysonicwall.com/sw/eng/305/ui2/23200/VoIP/Settings.htm

Awarding points for first comment as it lead to the solution. Thanks for the interest.
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now