Traffic Being Lost Between Firewall and VMWare VM

I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple: port forward UDP 443 to a device on our DMZ (the virtual machine). Easy, or so I thought.



Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall and be forwarded to the device, let's say it is 11.11.11.11. No issues I can see from the firewall end. It's a Barracuda NG F280; I have gone over it over and over with Barracuda support and they see nothing from their end.



The issue is that traffic never hits 11.11.11.11. I have set up a monitoring VM on my DMZ with wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping 11.11.11.11 from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.



I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead of 443, and send a UDP packet over 3300, it gets there fine.
I tried forwarding 3389, and it works. I can RDP over the internet with this setup.
The Firewall is my only L3 device
I have a web filter on site that I have disabled for the time being
I can ping the 11.11.11.11 device from anywhere else on my network
I set up another device on the 11.11.11.0/24 network, and UDP 443 traffic does not hit that either
The gateway for the device is correct
Windows Firewall turned off on my testing VM
Phone vendor is involved, they just take a packet capture of the 11.11.11.11 interface, see no UDP 443 traffic and blame the Firewall
inTheKnowSea Asked:
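The per-port check the question does by hand (a netcat listener plus a packet capture on the DMZ host, probes sent from the outside) can be scripted so that several ports are compared in one run. The following is an added example and is not code from this thread or from any vendor named in it. It runs the listener and the sender on loopback with unprivileged stand-in ports (20443, 20445, 23300 and 23389 are constructed values, since binding 443 needs root), and a port with no listener stands in for a port whose traffic an in-path device silently drops. In a real deployment, listen_udp would run on the DMZ VM and send_probes on a host outside the firewall.

```python
import select
import socket
import threading
import time

# Tag every probe so the receiver can tell it apart from unrelated traffic
# (the question author saw "other traffic" but never UDP 443).
PROBE_PREFIX = b"udp-probe:"


def listen_udp(bind_addr, ports, duration, received):
    """Receiver side: bind one UDP socket per port and record every probe
    datagram that arrives within `duration` seconds. This is what a packet
    capture or `nc -lu` on the DMZ host would see."""
    socks = []
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((bind_addr, port))
        socks.append(s)
    deadline = time.monotonic() + duration
    while time.monotonic() < deadline:
        readable, _, _ = select.select(socks, [], [], 0.1)
        for s in readable:
            data, peer = s.recvfrom(2048)
            if data.startswith(PROBE_PREFIX):
                port = s.getsockname()[1]
                received.setdefault(port, []).append((peer, data))
    for s in socks:
        s.close()


def send_probes(target_addr, ports, count=3, interval=0.05):
    """Sender side: one tagged datagram per port per round. Returns how
    many probes were sent to each port."""
    sent = {}
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for seq in range(count):
        for port in ports:
            payload = PROBE_PREFIX + f"port={port} seq={seq}".encode()
            s.sendto(payload, (target_addr, port))
            sent[port] = sent.get(port, 0) + 1
        time.sleep(interval)
    s.close()
    return sent


def reachability_report(sent, received):
    """Compare what was sent with what arrived. A port with probes sent but
    nothing received means something between sender and listener dropped
    the traffic; in this thread it turned out to be a web filter that was
    supposedly disabled. Returns {port: (sent, received, status)}."""
    report = {}
    for port, n_sent in sent.items():
        n_got = len(received.get(port, []))
        if n_got == 0:
            status = "DROPPED"
        elif n_got < n_sent:
            status = "PARTIAL"
        else:
            status = "OK"
        report[port] = (n_sent, n_got, status)
    return report


def run_loopback_demo(listen_ports, probe_ports, bind="127.0.0.1"):
    """Run both sides on loopback. Ports probed but not listened on stand in
    for ports whose traffic is eaten in the path (constructed scenario)."""
    received = {}
    listener = threading.Thread(
        target=listen_udp, args=(bind, listen_ports, 1.0, received))
    listener.start()
    time.sleep(0.2)  # let the listener bind before the first probe
    sent = send_probes(bind, probe_ports)
    listener.join()
    return reachability_report(sent, received)


if __name__ == "__main__":
    # Constructed stand-ins for 443, 445, 3300 and 3389; 23389 has no
    # listener, so it shows up as DROPPED.
    demo = run_loopback_demo([20443, 20445, 23300],
                             [20443, 20445, 23300, 23389])
    for port in sorted(demo):
        n_sent, n_got, status = demo[port]
        print(f"udp/{port}: sent={n_sent} received={n_got} {status}")
```

Running the listener directly on the DMZ VM and the sender from outside the firewall separates "the firewall forwarded it" from "the host received it" in one table: a port reported DROPPED while neighbouring ports are OK points at a device in the path that treats that port specially, which is exactly the pattern (443 and 445 dropped, 3300 and 3389 fine) the question describes.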

SouljaSr.Net.Eng Commented:
Is the public address you are forwarding through shared, or dedicated just to this device? Could the firewall be forwarding to another IP?
inTheKnowSea Author Commented:
The IP is dedicated, it only services this device. I can verify the firewall rule on the inbound traffic that it is forwarding to the correct IP.
SouljaSr.Net.Eng Commented:
OK, secondly, does the firewall have a route to the internal device?
inTheKnowSea Author Commented:
Yes, a route is on the firewall and fully functioning.
SouljaSr.Net.Eng Commented:
Is this same firewall NATing for other devices successfully?
inTheKnowSea Author Commented:
Yes, the firewall works in all other cases. In fact, if I change the specific rule that isn't working to forward 3389 (TCP) instead of 443 (UDP), RDP works fine. It seems very specific to certain ports. I have tried 443 and 445, neither works, but 3300 (UDP) and 3389 (TCP) work fine. This is just changing the port settings on this specific firewall rule, nothing else.
SouljaSr.Net.Eng Commented:
Man, this is really strange. I am at a loss. Hopefully another expert can chime in on this one.
inTheKnowSea Author Commented:
I eventually figured this out. A web filter on the network that was disabled was still filtering traffic... for whatever reason.
SouljaSr.Net.Eng Commented:
Glad you figured it out. I knew it didn't make sense. That explains it.