The techie half of my brain wants to get this resolved, and I think with enough time it could be, but the business side says I have to weigh up the costs and time involved, as we do have a workaround in place. Given the fact that bypassing the XTM devices on both my SIP trunks worked without fault, my 3rd party SIP providers will no longer entertain the time to troubleshoot this problem and we now have a bill for a week's consultancy where nothing was actually achieved. I have asked them to turn off NAT traversal, which they advised they had done, yet the same symptoms appeared. I don't have eyes on the SBC or the SIP trunk providers. I was advised to use an Any rule too, which also failed during testing. Yes, I did log this as a support call with Watchguard but unfortunately all the advice I was given didn't help resolve the issue. Should that be the case I will have to procure another firewall just for this purpose that has been tested to work flawlessly with SIP. My reason for the post was to make sure I hadn't made a schoolboy error or overlooked something simple.

For now I'm going to bypass the firewalls and then throw everything I can at the SBC to see if it breaks or shows any signs of weakness. These are all enterprise level components but do you think I can find a single configuration guide?

As we are being charged day rates for all this troubleshooting, the SIP project is now well behind schedule and having proved the firewall is at fault I'm at a loss. The trunk providers are Gamma, the SBCs are Sonus and the firewall Watchguard. I have also attempted to remove the SIP-ALG, as I have read posts that this doesn't do 'what it says on the tin', with straight packet filters for signalling UDP 5060 and media UDP 4000-60000, and this produces the same intermittent fault, which as we know are the most difficult to diagnose.
Everything works without fault in this scenario but as we are subject to various compliance regulations (PCI-DSS and others) I'm not happy having to trust the SBC alone to protect my internal network. I have bypassed the firewall using a simple switch and placed the SBC WAN directly on the internet with a public IP and the LAN into the PBX network. I have taken traces from both LAN and WAN sides of the firewall and submitted them to the provider and they are suggesting the firewall is changing the packets, something Watchguard deny despite my logs showing this port address translation.