XG firewall won't allow outgoing VoIP RTP Traffic

Hello, let me start off by saying that our VoIP system is working fine with a different firewall, so I know everything is good there.

I don’t think this should make a difference to the problem I’m seeing, but I’m using a VLAN interface on our LAN port to reach the phone VLAN. The phone system connects to the same network switch on an untagged port. After setting up the DNAT and firewall rules that matched the other firewall for our NEC VoIP system, I can place a call and see the expected SIP traffic in Wireshark, but I only get voice coming in from the outside; no voice is going out.

I set up a mirrored port for the phone system and confirmed with Wireshark that the phone system is trying to send RTP packets to the correct external IP. When I run tcpdump on the XG, I can see the expected incoming RTP packets, but as far as I can tell, the RTP traffic from the phone system isn’t even hitting the XG port.

09:05:20.116070 Port1.86, OUT: IP 66.xxx.xxx.xxx.48814 > 192.168.86.6.10208: UDP, length 172

09:05:20.136050 Port2, IN: IP 66.xxx.xxx.xxx.48814 > 216.xxx.xxx.xxx.10208: UDP, length 172

09:05:20.136064 Port1.86, OUT: IP 66.xxx.xxx.xxx.48814 > 192.168.86.6.10208: UDP, length 172

09:05:20.156049 Port2, IN: IP 66.xxx.xxx.xxx.48814 > 216.xxx.xxx.xxx.10208: UDP, length 172

09:05:20.156063 Port1.86, OUT: IP 66.xxx.xxx.xxx.48814 > 192.168.86.6.10208: UDP, length 172

09:05:20.176045 Port2, IN: IP 66.xxx.xxx.xxx.48814 > 216.xxx.xxx.xxx.10208: UDP, length 172

09:05:20.176069 Port1.86, OUT: IP 66.xxx.xxx.xxx.48814 > 192.168.86.6.10208: UDP, length 172

 

I’ve unloaded the SIP module on the XG. 

 

I think I must be missing something obvious here.  About the only thing I haven’t tried yet is setting up another physical port on the XG for the phone system instead of using a VLAN interface, but I don’t see any reason that should work vs. what I’m already trying.    
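
Added example, not part of the original post: a small Python check that tallies a capture in the line format shown above per interface and direction and reports whether any packet sourced from the phone system was seen. The function names are hypothetical, and the sample uses constructed documentation addresses in place of the redacted public IPs.

```python
import re
from collections import Counter

# Matches the XG tcpdump line shape shown in the post:
# "<time> <iface>, <IN|OUT>: IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE = re.compile(
    r"^\S+ (?P<iface>[\w.]+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP, length \d+$"
)

def rtp_direction_counts(capture, phone_ip):
    """Count UDP packets per (interface, direction), split by whether the
    phone system is the destination (inbound audio) or source (outbound)."""
    counts = Counter()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines or anything that is not a UDP packet line
        if m["dst"] == phone_ip:
            flow = "to_phone"
        elif m["src"] == phone_ip:
            flow = "from_phone"
        else:
            flow = "other"  # WAN-side packets addressed to the public IP
        counts[(m["iface"], m["dir"], flow)] += 1
    return counts

def one_way_audio(counts):
    """True when audio reaches the phone but nothing sourced from the phone
    was captured on any firewall interface."""
    to_phone = sum(n for (_, _, f), n in counts.items() if f == "to_phone")
    from_phone = sum(n for (_, _, f), n in counts.items() if f == "from_phone")
    return to_phone > 0 and from_phone == 0

# Constructed sample: same shape as the capture in the post, with
# documentation addresses standing in for the redacted public IPs.
SAMPLE = """\
09:05:20.116070 Port1.86, OUT: IP 203.0.113.10.48814 > 192.168.86.6.10208: UDP, length 172
09:05:20.136050 Port2, IN: IP 203.0.113.10.48814 > 198.51.100.20.10208: UDP, length 172
09:05:20.136064 Port1.86, OUT: IP 203.0.113.10.48814 > 192.168.86.6.10208: UDP, length 172
"""

if __name__ == "__main__":
    c = rtp_direction_counts(SAMPLE, "192.168.86.6")
    for key, n in sorted(c.items()):
        print(key, n)
    print("one-way audio (nothing from phone seen):", one_way_audio(c))
```

A `from_phone` count of zero on the VLAN interface means the phone's RTP never arrived at the firewall, so the place to look is the path between the phone system and that interface rather than the firewall rules.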


