
Issue with SIP and rejected packets

Hello

We've logged a call with Sophos support, but wanted to open this up to the community as well as it's quite urgent

Our customer has a Sophos XG210 (SFOS 17.0.6 MR-6) and SIP VOIP phones. The symptom of the issue is that inbound calls start to fail.

They have two WAN connections: a leased line and an ADSL connection. The main firewall rule for the phones is simply

Source: VOICE VLAN, Any

Destination: WAN, Any, Any

All None under scanning etc.

Changing this rule to the ADSL connection, things 'work'. Inbound calls generally seem to work fine, but troubleshooting is hindered by the ADSL line being poor. Call quality issues start to occur that are being included in this issue.

When using the leased line (using the same firewall rule), eventually inbound call routing starts to fail (call quality is good). It may be a red herring, but Violation reports start appearing in the firewall log. An example of the packet capture:

Date=2018-03-16 Time=16:34:14 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=a4:4c:11:8e:2a:83 dest_mac=7c:5a:1c:48:8c:99 l3_protocol=IP source_ip=xx.xxx.xxx.120 dest_ip=xx.xxx.xxx.146 l4_protocol=UDP source_port=5060 dest_port=2934 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=243270464 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

To my mind, it's as if the Firewall is unaware of the packet returning and rejecting it. Is it possible for the NAT to become full and start rejecting packets?

Thanks for any help
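
Added example (not from the poster or from Sophos): a small Python parser for the key=value log format quoted above. It counts Local_ACLs denies of UDP traffic arriving from source port 5060 with fw_rule_id=0 (the shape of the logged packet: a SIP reply the firewall has no rule or connection state for), grouped per remote peer and local port, so the pattern can be checked across a whole log export instead of one captured line. The sample lines are constructed and use documentation address ranges; the field names are those of the log line in the post.

```python
import re
from collections import Counter

# Constructed sample records in the Sophos XG key=value log format (not from
# the thread; addresses are documentation ranges, times and ids are made up).
SAMPLE_LOG = """\
Date=2018-03-16 Time=16:34:14 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied in_dev=Port2 out_dev= l3_protocol=IP source_ip=203.0.113.120 dest_ip=198.51.100.146 l4_protocol=UDP source_port=5060 dest_port=2934 fw_rule_id=0 connid=243270464
Date=2018-03-16 Time=16:34:15 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied in_dev=Port2 out_dev= l3_protocol=IP source_ip=203.0.113.120 dest_ip=198.51.100.146 l4_protocol=UDP source_port=5060 dest_port=2934 fw_rule_id=0 connid=243270470
Date=2018-03-16 Time=16:34:20 log_id=0101011 log_type=Firewall log_component=Firewall_Rule log_subtype=Allowed in_dev=Port1 out_dev=Port2 l3_protocol=IP source_ip=10.10.20.15 dest_ip=203.0.113.120 l4_protocol=UDP source_port=5060 dest_port=5060 fw_rule_id=12 connid=243270480
Date=2018-03-16 Time=16:34:22 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied in_dev=Port2 out_dev= l3_protocol=IP source_ip=203.0.113.77 dest_ip=198.51.100.146 l4_protocol=TCP source_port=443 dest_port=51234 fw_rule_id=0 connid=243270490
"""

KV_RE = re.compile(r"(\w+)=(\S*)")  # \S* keeps empty values such as "out_dev="
SIP_PORT = "5060"


def parse_line(line):
    """Turn one 'key=value key=value ...' record into a dict."""
    return dict(KV_RE.findall(line))


def is_stateless_sip_deny(rec):
    """Local_ACLs deny of UDP from port 5060 that matched no rule (fw_rule_id=0):
    a SIP reply the firewall no longer holds connection state for."""
    return (
        rec.get("log_component") == "Local_ACLs"
        and rec.get("log_subtype") == "Denied"
        and rec.get("l4_protocol") == "UDP"
        and rec.get("source_port") == SIP_PORT
        and rec.get("fw_rule_id") == "0"
    )


def summarize(log_text):
    """Count stateless SIP denies per (peer, local address, local port), and
    the number of Local_ACLs denies overall so the SIP share can be judged."""
    flows = Counter()
    total_denied = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        if rec.get("log_component") == "Local_ACLs" and rec.get("log_subtype") == "Denied":
            total_denied += 1
        if is_stateless_sip_deny(rec):
            flows[(rec["source_ip"], rec["dest_ip"], rec["dest_port"])] += 1
    return {"total_local_acl_denied": total_denied, "sip_reply_denied": dict(flows)}


if __name__ == "__main__":
    for (peer, local, port), n in summarize(SAMPLE_LOG)["sip_reply_denied"].items():
        print(f"{n:3d} denied SIP replies from {peer}:5060 -> {local}:{port}")
```

A rising count on the same peer and local port while calls are failing supports the idea that the reply is arriving after the firewall has dropped the state for the outbound SIP flow; a spread across many ports points at a wider state-table problem.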


