CUHSupport
Sonicwall blocking udp ports
Even with the SonicWall allowing all the UDP ports, we are having some of the ports just drop packets. This is causing phone calls not to come in to the VoIP system. I have opened what I thought was the correct range but still no luck. I also turned on the VoIP SIP feature in the SonicWall, which helped cure some of the issues, but we'll still get a few phones that will drop off until it's either reset or finds a different port.
Well, your phones are using SIP, which is using the TCP protocol to establish the connection - then it goes to UDP - all depends on your set-up.
Can you enable handshake and strict compliance (on both firewalls) - and have a look with Wireshark at what's going on on the cable?
ASKER
I enabled them, would that mean perhaps I need to change some ports for tcp? Or do I only need to have UDP open? I'll start taking a look at wireshark with the new settings.
I would open both.
ASKER
I ran some more firewall exceptions but was still getting some packet drops. It seems to drop them off after around 15 minutes on the port. Could that be a setting in the sonicwall?
CUHSupport,
What SIP server are you using? And how are you publishing ports on the firewall? Are you using Static NAT?
Have you set your SIP server's network default gateway IP to point to the internal IP of the Sonic Firewall?
Could you please make a call and trace it with Wireshark, and post your Wireshark log here? It might be that the range you have enabled on the firewall is not correct.
ASKER
Had to increase time for timeouts
can you tell me what setting you have here
usually under
Firewall > TCP Settings or Firewall > Advanced > TCP Settings
Enforce strict TCP compliance with RFC 793 and RFC 1122 - enabled?
Enable TCP handshake enforcement - enabled?
Enable TCP checksum enforcement – If an invalid TCP checksum is calculated, the packet will be dropped. - that might be why you are losing traffic - make sure this one is disabled
Default TCP Connection Time-out – enabled?
Maximum Segment Lifetime (seconds) - enabled?
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.aspx?kbid=3768&p=
do you have 2 firewalls - if yes check those settings on both?
also have a look on this one
http://help.mysonicwall.com/sw/eng/305/ui2/23200/VoIP/Settings.htm
and this one
inactivity time-outs on UDP or SIP might be causing traffic loss:
http://www.informaticapressapochista.com/asterisk/asterisk-with-sonicwall/
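
The idle-timeout theory raised in this thread can be checked against a packet capture. The following is an added example, not code from any poster: it reads per-packet UDP records and reports flows whose silence lasted longer than a given firewall UDP timeout. The CSV layout, the addresses and the timeout values are constructed assumptions, not settings taken from the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample (not a capture from this thread):
# seconds, src ip, src port, dst ip, dst port -- UDP packets only.
# Phone .10 sends a keepalive every 25 s; phone .11 only re-registers at 900 s.
SAMPLE = """\
0,192.0.2.10,5060,198.51.100.5,5060
1,198.51.100.5,5060,192.0.2.10,5060
25,192.0.2.10,5060,198.51.100.5,5060
26,198.51.100.5,5060,192.0.2.10,5060
50,192.0.2.10,5060,198.51.100.5,5060
51,198.51.100.5,5060,192.0.2.10,5060
0,192.0.2.11,5060,198.51.100.5,5060
1,198.51.100.5,5060,192.0.2.11,5060
900,192.0.2.11,5060,198.51.100.5,5060
901,198.51.100.5,5060,192.0.2.11,5060
"""


def flow_key(src, sport, dst, dport):
    # Direction-independent key: a reply refreshes the same state entry.
    return tuple(sorted([(src, int(sport)), (dst, int(dport))]))


def idle_gaps(capture_text, udp_timeout_s):
    """Return {flow: [(last_seen, next_seen, gap_seconds), ...]} for every
    silence longer than udp_timeout_s (hypothetical firewall setting)."""
    stamps_by_flow = defaultdict(list)
    for row in csv.reader(io.StringIO(capture_text)):
        if not row:
            continue  # tolerate blank lines in the export
        ts, src, sport, dst, dport = row
        stamps_by_flow[flow_key(src, sport, dst, dport)].append(float(ts))
    findings = {}
    for flow, stamps in stamps_by_flow.items():
        stamps.sort()
        gaps = [(a, b, b - a) for a, b in zip(stamps, stamps[1:])
                if b - a > udp_timeout_s]
        if gaps:
            findings[flow] = gaps
    return findings


if __name__ == "__main__":
    for flow, gaps in idle_gaps(SAMPLE, udp_timeout_s=30).items():
        for last_seen, next_seen, gap in gaps:
            print(f"{flow}: idle {gap:.0f}s between t={last_seen:.0f} and t={next_seen:.0f}")
```

A flow that shows up here is one where the firewall state would have expired before the next packet, so inbound calls to that phone are dropped until it sends traffic again; the remedy is a longer UDP timeout or a shorter keepalive/registration interval on the phone.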