Results 1 to 6 of 6

Thread: Firewall and X-lite/QCM

  1. #1

    Default Firewall and X-lite/QCM

    Hello,

    For the past 2 weeks, I have spent an incredible amount of time trying to figure how to make x-lite/qcm work through the company's firewall (smoothwall express 3.0). So far I managed to:

    - X-Lite/QCM registers properly with the Quadro4X Box (sip registration)
    - X-Lite/QCM receives audio from the Sip phone on the quadro's lan side but the sip phone receives no audio at all.
    - Both party can successfuly ring the other party

    I know that the problem is the company's firewall because I have tested X-Lite in between the firewall and the quadro's wan side and it worked perfectly. So I'm looking at what ports or protocol I fail to open / forward / enable.

    Here is the network schema from the quadro's lan side to the x-lite/QCM application

    Quadro's lan side (172.30.0.0) --> Quadro's Wan side (192.168.2.0) --> Firewall DMZ gateway (192.168.2.254) --> Firewall Safe side gateway (192.168.1.254) --> Safe lan (192.168.1.0)

    I have opened and forwarded the following ports:
    192.168.2.200 --> 192.168.1.0/24 UDP 5060
    192.168.1.0/24 --> 192.168.2.200 UDP 5060
    192.168.2.200 --> 192.168.1.0/24 UDP 6000:6099 (manualy set listen ports on x-lite application)

    I have also tried alot of ports forwarding combinations but I'm starting to lose hope.

    I would very much appreciate any help/comfort on the situation.

  2. #2

    Default

    Hi there,

    Firewalls can cause trying times for the integrator but having said that inside the Epygi will give you clues in the form of log files ( SIPUA ) which will enlighten yourself as to what is happening. Also the event log will give you more information, as well as the status page of your sip registrations note directly underneath all of the registrations it will be your guide and possibly will point to where you need to look further.

    Regards

    Kevin

  3. #3
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Default

    I suppose your QCM/XLite is on the "safe lan"... And the 192.168.2.200 is the WAN IP address of the Quadro. Correct?

    If that is the case, first of all, try to disable STUN on your Quadro unit. Your network config is not standard, and if you use STUN, you will most probably have unpredictible resilts.

    So assuming that your SIP port on the Quadro is 5060, and the RTP port range in "RTP Settings" is 6000-6099, I would suggest to
    go to "Telephony->NAT Traversal Settings", set the "NAT Traversal for SIP" to "Force";
    in the "SIP Parameters" set the "Use Manual NAT Traversal" with "Mapped Host"=192.168.1.254, "Mapped Port"=5060;
    on the "RTP Parameters" set the "Use Manual NAT Traversal" with "Mapped Host"=192.168.1.254, "Mapped RTP/RTCP Port Range"->Min=6000, Max=6099.

    On the firewall make sure you forward everything coming to port 192.168.1.254:5060,6000-6099 to the 192.168.2.200:5060,6000-6099.

    Please try that and tell if you see any difference.

    Best regards,
    David

  4. #4

    Default

    Thank you both for your time and suggestions. I have tried everything thrown out including parsing the log files. Unfortunatly, the audio is still only one way.

    SIP_UA.log file looks like this (some vary depending on the settings I try):

    ***************************** SIP message buffer start *****************************
    SIP/2.0 200 OK
    Via: SIP/2.0/UDP 192.168.2.254:5060;rport=5060;branch=z9hG4bKEPSVBU S9304f4db-d947-4a9a-821a-1386ccce188f;received=192.168.2.200
    Contact: <sip:103@192.168.1.17:6054>
    To: "First name, Name - 103"<sip:103@192.168.2.200>;tag=e9264245
    From: "105"<sip:105@192.168.2.200>;tag=12412873491369c96 4-12ca-44b1-957d-46234aeb7c61
    Call-ID: ZWVhNzIyYmQ0MDZkODQzMjkyYmJjZDZiMGQwNmRiMDE.
    CSeq: 88 BYE
    User-Agent: X-Lite release 1103d stamp 53117
    Content-Length: 0

    Anyway, I'm starting to think that I should move the Quadro under the "Safe WAN" to resolve this problem. What do you think?

  5. #5
    Quadro Architect
    Join Date
    Jun 2006
    Location
    Around myself
    Posts
    2,075

    Default

    Hmm, this is one of the most useless messages you could copy from thta log...

    INVITE and the OK messages containing the media parameters could show some information. You can mark the logs, make a call with one-way audio, mark the logs again then copy here the logs between two mark signs. This could show who is passing wrong media parameter. Did you apply the setup I suggested?

    Alternatively, not to mess up with all that complex network stuff, you could move the Quadro from behind your "Firewall DMZ gateway" to the "safe lan" side. Anyway, I don't see why Quadro is put behind that gateway... probably it is not necessary at all, and is complicating things a lot.

    Best regards,
    David

  6. #6

    Default

    Yes I have tried everything you suggested but hélas, no luck.

    I have learned alot since I first decided to put the quadro behind the DMZ. I beleive at the time I was only trying not to open unnecessary ports on the safe lan. Plus, I didn't know that the quadro was going to have a lan and wan side. Long story short, I didn't know a thing about the product.

    I'll probably move the quadro to the safe lan side by the end of next week. This being said, I want to thank you for your help. Much appreciated.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Quadro 16x behind FortiGate Firewall
    By pdiaz in forum 'How Do I' Questions
    Replies: 2
    Last Post: 07-22-2010, 09:33 AM
  2. Problem activating firewall
    By Vpluar in forum Troubleshooting and Problems
    Replies: 16
    Last Post: 02-12-2009, 07:04 AM
  3. Firewall - Name Resolution
    By timmeah in forum Troubleshooting and Problems
    Replies: 1
    Last Post: 05-02-2008, 10:21 PM
  4. Quadro 2X Firewall & NAT on/off ?
    By russell in forum 'How Do I' Questions
    Replies: 6
    Last Post: 03-06-2008, 04:48 AM
  5. Using a Quadro with Dual WAN Firewall
    By davi807 in forum Troubleshooting and Problems
    Replies: 1
    Last Post: 07-17-2006, 03:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •