Watchguard Firewall - No Audio in or out.

Discussion in '3CX Phone System - General' started by choward, Feb 14, 2011.

Thread Status:
Not open for further replies.
  1. choward

    Joined:
    Jan 26, 2010
    Messages:
    6
    Likes Received:
    0
    SPA 942 works on LAN (in and out), but WAN receives "17:26:41.447 [MS105000] C:7.1: No RTP packets were received:remoteAddr=192.168.1.132:16426,extAddr=0.0.0.0:0,localAddr=192.168.1.12:7022
    "

    The packet filter on the firewall does not display any denied packets.

    Below, is the firewall checker log.


    3CX Firewall Checker, v1.0. Copyright (C) 3CX Ltd. All rights reserved.

    <13:44:38>: Phase 1, checking servers connection, please wait...
    <13:44:38>: Stun Checker service is reachable. Phase 1 check passed.
    <13:44:38>: Phase 2a, Check Port Forwarding to UDP SIP port, please wait...
    <13:44:38>: UDP SIP Port is set to 5060. Response received WITH TRANSLATION 16346::5060. Phase 2a check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/

    <13:44:38>: Phase 2b. Check Port Forwarding to TCP SIP port, please wait...
    <13:44:38>: TCP SIP Port is set to 5060. Response received WITH TRANSLATION 16346::5060. Phase 2b check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/

    <13:44:38>: Phase 3. Check Port Forwarding to TCP Tunnel port, please wait...
    <13:44:38>: TCP TUNNEL Port is set to 5090. Response received WITH TRANSLATION 16347::5090. Phase 3 check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/

    <13:44:38>: Phase 4. Check Port Forwarding to RTP external port range, please wait...
    <13:44:41>: UDP RTP Port 9000. Response received WITH TRANSLATION 16348::9000. Phase 4-01 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9001. Response received WITH TRANSLATION 16349::9001. Phase 4-02 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9002. Response received WITH TRANSLATION 16350::9002. Phase 4-03 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9003. Response received WITH TRANSLATION 16351::9003. Phase 4-04 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9004. Response received WITH TRANSLATION 16352::9004. Phase 4-05 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9005. Response received WITH TRANSLATION 16353::9005. Phase 4-06 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9006. Response received WITH TRANSLATION 16354::9006. Phase 4-07 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9007. Response received WITH TRANSLATION 16355::9007. Phase 4-08 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9008. Response received WITH TRANSLATION 16356::9008. Phase 4-09 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9009. Response received WITH TRANSLATION 16357::9009. Phase 4-10 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9010. Response received WITH TRANSLATION 16358::9010. Phase 4-11 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9011. Response received WITH TRANSLATION 16359::9011. Phase 4-12 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9012. Response received WITH TRANSLATION 16360::9012. Phase 4-13 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9013. Response received WITH TRANSLATION 16361::9013. Phase 4-14 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9014. Response received WITH TRANSLATION 16362::9014. Phase 4-15 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9015. Response received WITH TRANSLATION 16363::9015. Phase 4-16 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9016. Response received WITH TRANSLATION 16364::9016. Phase 4-17 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9017. Response received WITH TRANSLATION 16365::9017. Phase 4-18 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9018. Response received WITH TRANSLATION 16366::9018. Phase 4-19 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9019. Response received WITH TRANSLATION 16367::9019. Phase 4-20 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9020. Response received WITH TRANSLATION 16368::9020. Phase 4-21 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9021. Response received WITH TRANSLATION 16369::9021. Phase 4-22 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9022. Response received WITH TRANSLATION 16370::9022. Phase 4-23 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9023. Response received WITH TRANSLATION 16371::9023. Phase 4-24 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9024. Response received WITH TRANSLATION 16372::9024. Phase 4-25 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9025. Response received WITH TRANSLATION 16373::9025. Phase 4-26 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9026. Response received WITH TRANSLATION 16374::9026. Phase 4-27 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9027. Response received WITH TRANSLATION 16375::9027. Phase 4-28 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9028. Response received WITH TRANSLATION 16376::9028. Phase 4-29 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9029. Response received WITH TRANSLATION 16377::9029. Phase 4-30 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9030. Response received WITH TRANSLATION 16378::9030. Phase 4-31 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9031. Response received WITH TRANSLATION 16379::9031. Phase 4-32 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9032. Response received WITH TRANSLATION 16380::9032. Phase 4-33 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9033. Response received WITH TRANSLATION 16381::9033. Phase 4-34 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9034. Response received WITH TRANSLATION 16382::9034. Phase 4-35 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9035. Response received WITH TRANSLATION 16383::9035. Phase 4-36 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9036. Response received WITH TRANSLATION 16384::9036. Phase 4-37 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9037. Response received WITH TRANSLATION 16385::9037. Phase 4-38 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9038. Response received WITH TRANSLATION 16386::9038. Phase 4-39 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9039. Response received WITH TRANSLATION 16387::9039. Phase 4-40 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9040. Response received WITH TRANSLATION 16388::9040. Phase 4-41 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9041. Response received WITH TRANSLATION 16389::9041. Phase 4-42 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9042. Response received WITH TRANSLATION 16390::9042. Phase 4-43 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9043. Response received WITH TRANSLATION 16391::9043. Phase 4-44 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9044. Response received WITH TRANSLATION 16392::9044. Phase 4-45 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9045. Response received WITH TRANSLATION 16393::9045. Phase 4-46 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9046. Response received WITH TRANSLATION 16394::9046. Phase 4-47 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9047. Response received WITH TRANSLATION 16395::9047. Phase 4-48 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9048. Response received WITH TRANSLATION 16396::9048. Phase 4-49 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <13:44:41>: UDP RTP Port 9049. Response received WITH TRANSLATION 16397::9049. Phase 4-50 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/


    Application exit code is 53


    I think this may have to do with NAT and RTP not playing well....

    Any help would be appreciated.

    Thanks!
    Chris
     
  2. Borsoock

    Borsoock New Member

    Joined:
    Apr 8, 2007
    Messages:
    149
    Likes Received:
    0
    You see port translation warnings, right? Are you positive you set up port forwarding correctly? If yes, turn on static port mapping or if not possible swap your firewall with one that is able to work WITHOUT port translation.

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. choward

    Joined:
    Jan 26, 2010
    Messages:
    6
    Likes Received:
    0
    I spent an hr with the watchguard people... Their level 2 technician confirmed that I have all the port forwarding correct. Sounds like this isn't going to work with my firewall... Bummer. It seemed like a great fit for my company. :|

    ps. this is a watchguard X550 using fireware 10.
     
  4. Fatboy40

    Fatboy40 New Member

    Joined:
    Aug 2, 2010
    Messages:
    170
    Likes Received:
    0
    I can't comment on your logs, however, my setup is with a WatchGuard x750e running XTM 11.2 and everything works perfectly.

    (Using static NAT + only the basic required ports (5060 + 9000/9049)
     
  5. choward

    Joined:
    Jan 26, 2010
    Messages:
    6
    Likes Received:
    0
    @ Fatboy

    I added a policy.

    I added the following ports:
    5060 TCP/UDP
    5090 TCP/UDP
    9000-9049 UDP

    From: ANY

    Add NAT, (Static NAT)
    To: Public IP -> Internal IP

    Run Firewall checker and watchguard is still translating these ports...

    Please shed some insight on your procedure to add this policy. I'm dying to make this work.
     
  6. choward

    Joined:
    Jan 26, 2010
    Messages:
    6
    Likes Received:
    0
    I got it to work! One problem with watchguard, is that NAT gets translated in the following 2 scenarios:

    1. You have more than 1 IP address assigned to your external adapter
    2. You apply a static NAT for more than one port

    The correct solution was to create a 1:1 NAT for the 3cx host. Scary, I now have a windows server sitting on the internet.

    Thanks,
    Fatboy and Boorsock
     
  7. Borsoock

    Borsoock New Member

    Joined:
    Apr 8, 2007
    Messages:
    149
    Likes Received:
    0
    Wait! Turn Off STUN on 3CX. Settings->Network-> STUN Server. Restart services and re-run FW chceker.

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.