I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple: port forward UDP 443 to a device on our DMZ (the virtual machine). Easy, or so I thought.
Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall and be forwarded to the device, which let's say is 18.104.22.168. No issues I can see from the firewall end. It's a Barracuda NG F280. I have gone over it over and over with Barracuda support and they see nothing from their end.
The issue is that traffic never hits 22.214.171.124. I have set up a monitoring VM on my DMZ with Wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping 126.96.36.199 from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMware hypervisor.
I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMware, but I have never seen VMware block traffic like that before.
Some more info:
Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead of 443, and send a UDP packet over 3300, it gets there fine.
I tried forwarding 3389, and it works. I can RDP over the internet with this setup.
The Firewall is my only L3 device
I have a web filter on site that I have disabled for the time being
I can ping the 188.8.131.52 device from anywhere else on my network
I set up another device on the 184.108.40.206/24 network, and UDP 443 traffic does not hit that either
The gateway for the device is correct
Windows Firewall turned off on my testing VM
Phone vendor is involved, they just take a packet capture of the 220.127.116.11 interface, see no UDP 443 traffic and blame the Firewall
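
Added example, not part of the original post: a side-by-side UDP probe for the port-specific loss described above (3300 arrives, 443 does not). The listener runs on the DMZ test VM and the sender runs outside the firewall; the function names and the `probe-1` token are hypothetical, and the ports are the two named in the post.

```python
import select
import socket
import time

def open_listeners(bind_addr, ports):
    """Bind one UDP socket per port; returns {actual_port: socket}."""
    socks = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((bind_addr, port))  # ports below 1024 (443) need admin/root rights
        socks[s.getsockname()[1]] = s
    return socks

def send_probes(target, ports, token):
    """Sender side: one tagged datagram per port, payload names the intended port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for port in ports:
            s.sendto(f"{token}:{port}".encode(), (target, port))

def collect(socks, token, timeout=3.0):
    """Wait up to `timeout` seconds; return {port: sender_addr} for tagged probes seen."""
    by_sock = {s: p for p, s in socks.items()}
    seen = {}
    deadline = time.monotonic() + timeout
    while len(seen) < len(socks):
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        ready, _, _ = select.select(list(by_sock), [], [], remaining)
        for s in ready:
            data, addr = s.recvfrom(2048)
            if data.startswith(token.encode()):  # ignore unrelated traffic on the port
                seen[by_sock[s]] = addr
    return seen

def missing_ports(socks, seen):
    """Ports that were listening but never received a tagged probe."""
    return sorted(set(socks) - set(seen))

if __name__ == "__main__":
    # Listener side on the DMZ VM; the outside host calls
    # send_probes(<public address>, [443, 3300], "probe-1") within the timeout.
    socks = open_listeners("0.0.0.0", [443, 3300])
    seen = collect(socks, "probe-1", timeout=60)
    print("arrived:", seen)
    print("missing:", missing_ports(socks, seen))
```

Running the same listener on a second VM attached to a different port group or host, with a capture on the firewall's DMZ interface at the same time, shows at which hop the 443 probe stops while the 3300 probe continues.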