inTheKnowSea asked:

Traffic Being Lost Between Firewall and VMWare VM

I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple: port forward UDP 443 to a device on our DMZ (the virtual machine). Easy, or so I thought.

Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall and be forwarded to the device, let's say it is 11.11.11.11. No issues I can see from the firewall end. It's a Barracuda NG F280; I have gone over it over and over with Barracuda support and they see nothing from their end.

The issue is that traffic never hits 11.11.11.11. I have set up a monitoring VM on my DMZ with Wireshark, and never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, and never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping 11.11.11.11 from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.

I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? The only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead of 443, and send a UDP packet over 3300, it gets there fine.
I tried forwarding 3389, and it works. I can RDP over the internet with this setup.
The Firewall is my only L3 device
I have a web filter on site that I have disabled for the time being
I can ping the 11.11.11.11 device from anywhere else on my network
I set up another device on the 11.11.11.0/24 network, and UDP 443 traffic does not hit that either
The gateway for the device is correct
Windows Firewall turned off on my testing VM
Phone vendor is involved; they just take a packet capture of the 11.11.11.11 interface, see no UDP 443 traffic and blame the Firewall
Soulja

Is the public address you are forwarding through shared, or dedicated just to this device? Could the firewall be forwarding to another IP?
inTheKnowSea (ASKER)

The IP is dedicated, it only services this device. I can verify the firewall rule on the inbound traffic that it is forwarding to the correct IP.

Soulja

Ok, secondly, does the firewall have a route to the internal device?

inTheKnowSea (ASKER)

Yes, a route is on the firewall and fully functioning.

Soulja

Is this same firewall NATting for other devices successfully?

inTheKnowSea (ASKER)

Yes, the firewall works in all other cases. In fact, if I change the specific rule that isn't working to forward 3389 (TCP) instead of 443 UDP, RDP works fine. It seems very specific to specific ports. I have tried 443 and 445, neither work, but 3300 (UDP) and 3389 (TCP) work fine. This is just changing the port settings on this specific firewall rule, nothing else.

Soulja

Man, this is really strange. I am at a loss. Hopefully another expert can chime in on this one.
ASKER CERTIFIED SOLUTION
inTheKnowSea

This solution is only available to members.

Glad you figured it out. I knew it didn't make sense. That explains it.