Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 13633 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SIP Firewall Rules - Phones cant reach SIP server

Marzetti
Hi all,
I'm having some issues with my VOIP phone getting out of the network.  I've tried manually adding FW rules as well as the built-in VOIP configuration on the UTM, but still a no go.  The device I'm testing with works fine from my home network after forwarding the appropriate ports (SIP 5060-5061 and RTP 10000-20000).

Here is the FW log entry showing a drop:
2015:01:22-09:23:18 SGF-GW1-1 ulogd[4823]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0.20" outitf="eth1" srcmac="00:0b:82:6e:ad:ff" dstmac="00:1a:8c:f0:56:c0" srcip="10.0.2.11"

I've also attached screenshots of my configured rules on the FW.

What am I missing??


This thread was automatically locked due to age.
Parents
  • 0
    Hi all,
    Sorry for the lateness.  We ended up abandoning the provider, since their support was terrible (for this and other things).  

    Bob - The source IP is actually the VOIP phone.  And yes, it looks like I provided the incorrect logs.

    However, I did work with Sophos support and they found that the provider seemed to be returning malformed packets.

    This is what we pulled from the log (censored *.*.*.* is our public IP):
    10:59:11.168972 IP 10.0.0.10.5060 > 46.19.208.89.5060: SIP, length: 655
    10:59:11.168999 IP *.*.*.*.5060 > 46.19.208.89.5060: SIP, length: 655
    10:59:11.258079 IP 46.19.208.89 > *.*.*.*: ICMP 46.19.208.89 udp port 5060 unreachable, length 556
    10:59:11.258109 IP 46.19.208.89 > 10.0.0.10: ICMP 46.19.208.89 udp port 5060 unreachable, length 556

    We ended up running Wire-shark, and while I don't necessarily agree, Sophos is saying that the packets appear malformed, inbound from the provider.
Reply
  • 0
    Hi all,
    Sorry for the lateness.  We ended up abandoning the provider, since their support was terrible (for this and other things).  

    Bob - The source IP is actually the VOIP phone.  And yes, it looks like I provided the incorrect logs.

    However, I did work with Sophos support and they found that the provider seemed to be returning malformed packets.

    This is what we pulled from the log (censored *.*.*.* is our public IP):
    10:59:11.168972 IP 10.0.0.10.5060 > 46.19.208.89.5060: SIP, length: 655
    10:59:11.168999 IP *.*.*.*.5060 > 46.19.208.89.5060: SIP, length: 655
    10:59:11.258079 IP 46.19.208.89 > *.*.*.*: ICMP 46.19.208.89 udp port 5060 unreachable, length 556
    10:59:11.258109 IP 46.19.208.89 > 10.0.0.10: ICMP 46.19.208.89 udp port 5060 unreachable, length 556

    We ended up running Wire-shark, and while I don't necessarily agree, Sophos is saying that the packets appear malformed, inbound from the provider.
Children
No Data