Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Sonicwall blocking udp ports

Posted on 2013-06-14
8
Medium Priority
?
3,645 Views
Last Modified: 2013-06-25
Even with the sonicwall allowing all the udp ports but we are having some of the ports just drop packets.  This causing phone calls not to come in to the voip system.  I have opened what I thought was the correct range but still no luck.  I also turned on the voip sip feature in the sonicwall which helped cure some of the issues but we'll still get a few phones that will drop off until it's either reset or finds a different port.
0
Comment
Question by:CUHSupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39248969
what sonicwall you have?

can you tell me what setting you have here

usually under
Firewall > TCP Settings or Firewall > advanced> TCP Settings

Enforce strict TCP compliance with RFC 793 and RFC 1122 - enabled?

Enable TCP handshake enforcement - enabled?

Enable TCP checksum enforcement – If an invalid TCP checksum is calculated, the packet will be dropped. - that might be why you loosing traffic - make sure this one is disabled

Default TCP Connection Time-out – enabled?

Maximum Segment Lifetime (seconds) -enabled?


https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=3768&p=


do you have 2 firewalls - if yes check those settings on both?

also have a look on this one

http://help.mysonicwall.com/sw/eng/305/ui2/23200/VoIP/Settings.htm

and this one

inactivity time-outs on udp or sip might be causing traffic lose:

http://www.informaticapressapochista.com/asterisk/asterisk-with-sonicwall/
0
 

Accepted Solution

by:
CUHSupport earned 0 total points
ID: 39248987
I have nothing enabled in TCP.  If the phones packets are using UDP, how would TCP effect the packets?  It is a TZ 100 wireless-n

 Enforce strict TCP compliance with RFC 793 and RFC 1122 not checked

          Enable TCP handshake enforcement Not checked

 Enable TCP checksum enforcement Not checked
TCP Handshake Timeout (seconds):      30 seconds
Default TCP Connection Timeout (minutes):      15 minutes
Maximum Segment Lifetime (seconds):      8
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39249034
well your phones are using sip which  is using  tcp protocol  to establish connection - than it goes to udp - all depends on your set-up.

can you enable heandshake and strict compliance (on both firewalls) - and have a look wireshark whats going on the cable
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 

Author Comment

by:CUHSupport
ID: 39249040
I enabled them, would that mean perhaps I need to change some ports for tcp? Or do I only need to have UDP open?  I'll start taking a look at wireshark with the new settings.
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 39249051
i would open both
0
 

Author Comment

by:CUHSupport
ID: 39249129
I ran some more firewall exceptions but was still getting some packet drops.  It seems to drop them off after around 15 minutes on the port.  Could that be a setting in the sonicwall?
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 39249148
CUHSupport,

What SIP server you're using? and how are you publishing ports on the firewall ? Are you using Static NAT ?
Have you set your SIP server's Network default gateway IP to point to the internal IP of the Sonic Firewall?

Could you please make a call and trace it by Wireshark, post your wireshark log here. It might be that the range you have enabled on the firewall is not correct.
0
 

Author Closing Comment

by:CUHSupport
ID: 39274189
Had to increase time for timeouts
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question