Solved

SonicWall TZ 215 Max connections reached in 24 hours

Posted on 2013-01-25
4
1,250 Views
Last Modified: 2013-01-28
I've got an issue where the SonicWall TZ 215 will max it's connections and become unresponsive within a 24 hour period. Looking at the Diagnostics > connection monitor, we see that it is a buildup of VoIP phone client connections with the following:
SrcIP = Phone client (remote location)
Src Port: 5060
DstIP 0.0.0.0
Dst Port: 0
Protocol: UDP
Src Iface: X1
Dst Iface: X1
Flow Type: SIP Control
IPS Cat: N/A
Expiry, Tx Bytes, Rx Bytes, Tx Pkts, and Rx Pkts : all = 0

when attempts to Flush, status returns: Not Found

The main site has the public WAN interface and 3 LAN interfaces. 1 for the local DATA, 1 for the Phone System and 1 for connectivity to the remote sites. The remote sites are on physically separated hardware with a routed connection provided by the ISP. There is no public access from remote sites without going through the main site. All VoIP clients are at remote sites. The Phone system is NEC and has it's own hardwired connection for voice so no VoIP traffic should go through the (X1) WAN/untrusted interface.

As you might can tell, I'm not a phone guy. ISP tech support and SonicWall tech support have escalated the tickets, but for over a week now have not been able to come up with any solutions. I'm running out of brilliant ideas and could use a fresh take so please weigh in.

Has anyone seen this before? Any idea where to look or what to look for?

Thanks.
0
Comment
Question by:synetron
  • 2
4 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 38821470
was wondering if it is sort of port exhaustion or something to do with outbound NAT since  SIP and SDP may use multiple ports to set up a connection. Saw this

http://biztechstore.com/blog/?p=191
http://www.voipmechanic.com/sonicwall-voip.htm

More on Sonicwall VoIP setting
http://help.mysonicwall.com/sw/eng/305/ui2/23200/VoIP/Settings.htm
0
 
LVL 17

Expert Comment

by:TimotiSt
ID: 38823275
A small diagram would be nice, just to make sure we understand what goes where... :)

Tamas
0
 
LVL 2

Author Comment

by:synetron
ID: 38823331
I'll try and whip that up.
0
 
LVL 2

Author Comment

by:synetron
ID: 38828808
without any SIP communication on the WAN port, the VoIP>Settings - Enable SIP Transformations was linking every SIP control packet to the WAN port creating it's own DOS attack.

Found it following the bread crumbs from http://help.mysonicwall.com/sw/eng/305/ui2/23200/VoIP/Settings.htm

Awarding points for first comment as it lead to the solution. Thanks for the interest.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now