Glenn Dalgliesh
2004-Mar-25 18:31 UTC
[Asterisk-Users] Watchguard Firebox 1000 and Asterisk
Has anyone had any experience with the Watchguard Firebox 1000 and Asterisk? I have Asterisk on the public side and phones on the private side. I am able to get the phones to register and make outbound calls, but the inbound calls are intermittent. I have NAT enabled in Asterisk and on the Cisco 7960.

Any insight would be appreciated.

Thanks

> Has any had any experiences with Watchguard Firebox 1000 and Asterisk. I
> have asterisk on public side and phones on the private side. I am able to
> get the phones to register and make outbound calls but the inbound calls are
> intermittent. I have NAT enable in asterisk and on the Cisco 7960.

I don't believe the Watchguard products are SIP-aware; therefore you will need to address all of the NAT'ing issues common to running SIP and RTP through the box. You are likely to have to change the registration frequency on the C7960 to a shorter period of time, as I'd bet the Watchguard will time out the NAT table entries sooner than the phone system.

A packet sniffer (e.g., ethereal) will be your friend towards resolving the problem. Without "some" indication as to exactly which UDP ports are being used for RTP, etc., there isn't going to be much help from the list.

I can tell you that I had a snom 200 working through a Watchguard in a very similar setup a couple of months ago. I did not have to make any changes to the Watchguard in that case at all. (But the Watchguard was at a school where outbound traffic was basically unrestricted. Sound was choppy, but they had a well-known overloaded firewall too.)

Rich

The firebox has the UDP timeout set pretty low by default, this is a good thing to help prevent DOS attacks, but isn't a really good thing for a SIP device. There is no option in the GUI to set this. However you can go into the config file itself and modify the following:

options.masquerade.udp.timeout: 30
options.services.dynamic.timeout.udp: 25

Set them higher than your "register timeout" on your 7960. Then save the config file and upload to the firebox.

HTH
-bh

Quoting Glenn Dalgliesh <asterisk@techhat.com>:

> Has any had any experiences with Watchguard Firebox 1000 and Asterisk. I
> have asterisk on public side and phones on the private side. I am able to
> get the phones to register and make outbound calls but the inbound calls are
> intermittent. I have NAT enable in asterisk and on the Cisco 7960.
>
> Any insight would be appreciated.
>
> Thanks
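
Added example, not part of the thread or of any poster's configuration: a small simulation of why inbound calls become intermittent when the firewall's UDP idle timeout is shorter than the phone's registration interval. The 60-second registration interval, the event timeline, and the choice to treat the smaller of the two config values as the effective idle timeout are assumptions made for illustration.

```python
# The two keys and their values are the ones quoted in the thread.
SAMPLE_CONFIG = """\
options.masquerade.udp.timeout: 30
options.services.dynamic.timeout.udp: 25
"""

# Constructed timeline (seconds, direction, SIP method) as a sniffer on the
# firewall might show it: the phone re-registers every 60 s (assumed value),
# and Asterisk sends INVITEs toward the phone at various moments.
SAMPLE_EVENTS = [
    (0, "out", "REGISTER"), (10, "in", "INVITE"),
    (60, "out", "REGISTER"), (95, "in", "INVITE"),
    (120, "out", "REGISTER"), (130, "in", "INVITE"),
    (170, "in", "INVITE"), (180, "out", "REGISTER"),
]

def parse_timeouts(config_text):
    """Return {key: seconds} for the two UDP timeout keys named in the thread."""
    wanted = ("options.masquerade.udp.timeout",
              "options.services.dynamic.timeout.udp")
    found = {}
    for line in config_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in wanted:
            found[key.strip()] = int(value.strip())
    return found

def dropped_invites(events, udp_timeout):
    """Return timestamps of inbound INVITEs that find no live NAT binding.

    Assumed NAT model: an outbound packet creates or refreshes the binding,
    an inbound packet refreshes it only while it is still alive, and the
    binding expires after udp_timeout idle seconds.
    """
    last_seen = None
    dropped = []
    for t, direction, method in events:
        alive = last_seen is not None and (t - last_seen) < udp_timeout
        if direction == "out" or alive:
            last_seen = t
        elif method == "INVITE":
            dropped.append(t)
    return dropped

if __name__ == "__main__":
    effective = min(parse_timeouts(SAMPLE_CONFIG).values())  # assumption
    print("timeout", effective, "-> dropped at", dropped_invites(SAMPLE_EVENTS, effective))
    print("timeout 90 -> dropped at", dropped_invites(SAMPLE_EVENTS, 90))
```

With the default values some INVITEs land inside the idle window and some do not, which matches the "intermittent" symptom; once the timeout exceeds the registration interval, none are dropped in this model.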