tz105 udp packet dropped sip peer goes unreachable

Posted on 2014-08-06
Last Modified: 2014-08-08
We have a problem where some of our Polycom phones which connect through our TZ105 Sonicwall to a hosted PBX will go unreachable.

under VOIP Settings of the TZ105 we have:

Enable consistent NAT
Enable SIP Transformations

However when we look in the log of the FW it says "UDP Packet Dropped" destined for the very device which goes unreachable.  It only does this for one or two of our 17 phones and it seems to change which phone it is periodically.

We set an allow rule for the IP of the hosted PBX and this did not change the dropped packets.  For some reason it is dropping the keep alive packets for just a few phones.    I have not seen a pattern as to which phone it is.

The hosted PBX Is running FreePBX.  I have tried changing the NAT settings on the PBX between Yes, no, never and route without much noticeable difference in behavior.

For some reason one or two phones will not stay registered and therefore not receive calls.  They are able to make calls.

This is my first Sonicwall
Question by:YMartin
    LVL 15

    Accepted Solution

    Not much of a fan of Sonicwall --  But there s a great resource on the PBXinaFlash forum.
    LVL 1

    Author Comment

    I have done some more research and it seems to be that the phone punches a hole UDP port in the firewall which the PBX uses to ping the phone on every minute.  However when the phone is in use and on a call it seems the hole closes causing the phone to become unreachable.  I need to keep that hole punch open longer or get the phone to send keep alives more frequently.
    LVL 1

    Author Comment

    Thanks Phonebuff.  That indeed was the solution.  He indicates where you can increase the UDP timeout.  The setting however has moved to "Firewall Settings", "Advanced", "UDP".
    One other issue which came up was the firewall was preventing registrations after a call ended - very frustrating and almost had us pull the device but A firmware update fixed that anomaly.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
    Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now