Wireshark Files Needed to be explained

We have a sonicwall firewall that is in place in our network.  We just had a new phone system put in that will allow vendor to get to it remotely and allow main office to transfer phone calls to branch offices by using VOIP.  There are times where the VOIP feature does not work and the vendor states that the sonicwall is blocking VOIP traffic or packets to their phone system.  We have opened up the ports they need and there are still issues.  They have ran wire shark to show us that that something is blocking the traffic.

If I upload these files can someone read these and tell me what is blocking traffic?  They have wire shark files between the sonicwall and phone system.

Can someone assist me by reading these and letting me know if it is the Sonicwall?
maximus7569Asked:
Who is Participating?
 
JAN PAKULAConnect With a Mentor ICT Infranstructure ManagerCommented:
also what sonicwalls you have?

can you tell me what setting you have on these (on both firewalls)

usually under
Firewall > TCP Settings or Firewall > advanced> TCP Settings

Enforce strict TCP compliance with RFC 793 and RFC 1122 - enabled?

Enable TCP handshake enforcement - enabled?

Enable TCP checksum enforcement – If an invalid TCP checksum is calculated, the packet will be dropped. - that might be why you loosing traffic - make sure this one is disabled

Default TCP Connection Timeout – enabled?

Maximum Segment Lifetime (seconds) -enabled?


https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=3768&p=
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
can you upload it to Google drive and make access available with link?
0
 
maximus7569Author Commented:
Ok I will do that.
0
The eGuide to Automating Firewall Change Control

Today’s IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

 
JAN PAKULAICT Infranstructure ManagerCommented:
on which log they saying that sonicwall is dropping pockets?
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
pocket 613- on log beetween sonicwall and vc0 -  "tcp checksum offloading problem"

to fix do that

1. Open Device manager (right click "Computer" and click "Manage")
2. Click on "Device Manager"
3. Expand "Network adapters"
4. Right click your network adapter mine is called "Nvidia nForce 10/100/1000 Mbps Ethernet" etc.
5. click "properties"
6. click the tab named "Advanced"
7. Find "IP Checksum Offload" and click it
8. Put the value to the right to "Disabled"
9. Find "TCP Checksum offload (IPvX)
10. Set the value to the right to "Disabled"
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
if you want you can disable Google sharing - i have all 4 logs
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
any update?
0
 
maximus7569Author Commented:
Let me look over your responses.  Just saw your responses.  Thanks!
0
 
maximus7569Author Commented:
The logs that have ICV in them is the ones they state that are blocking packets.
The sonicwall is a TZ100W.
I am looking at the settings you mentioned now.
0
 
maximus7569Author Commented:
Here are the firewall settings in a snap shot.
0
 
maximus7569Author Commented:
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
was that original settings ? are you just changed it  to that?

if original try enabling two top ones
0
 
maximus7569Author Commented:
No I have not made any changes.
0
 
maximus7569Author Commented:
Ok I will enable.
0
 
maximus7569Author Commented:
Ok its done.
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
is it working now? have you done changes on both firewalls?
0
 
maximus7569Author Commented:
Yes I have made changes.  Well its working now, its just later they cant get back into it.  They state that sonicwall starts to block the connection.  I don't understand how the sonicwall will start all of a sudden blocking traffic.   Is that even possible?
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
inactivity timouts on udp or sip might be also causing it - second article
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
any update?
0
 
maximus7569Author Commented:
Seems to be staying stable.  Did you ever see where the sonicwall was blocking packets with those wireshark files?
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
not sure what was your sonicwall ips - but it would be all with tcp checksum offloading problem" (black ones)
0
 
maximus7569Author Commented:
ok thanks.  Looks like we have not had any issues so far. You were very helpful.
0
All Courses

From novice to tech pro — start learning today.