This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Faulty Secondary link causes Phone's to disconnect.

HI All,

I have a issue at one of my client running a UTM SG310 unit. This is regarding their VOIP using hosted PBX (2 different providers as there are 2 entities on 1 utm)  

Let me just give you all the info to explain the issue.

Physical setup

2 Wan connections Separate ISP's

Uplink interfaces

Primary 300Mbps Fiber (weight 100) - Latency to 8.8.8.8, 1MS

Secondary 100Mbps Radio link  (weight 80) -  Latency to 8.8.8.8, 8-12MS

Lan > 172.16.0.0/22

Phone vlan17 (phones) 192.168.243.0/24 GW> UTM > DNS 172.16.0.170 (DC) - QOS set  Firewall rules only allows connections to the Hosted PBX (any service) Second Firewall rule allows DNS and Time server to DC 172.16.0.170. This is also the DHCP server.

Phone Vlan 2 (phones) 192.168.250.0/24 GW> UTM > DNS 172.16.0.170 (DC) - QOS set Firewall rules only allows connections to the Hosted PBX (any service) Second Firewall rule allows DNS and Time server to DC 172.16.0.170. This is also the DHCP server.

Vlan 2 and 17 is set to bypass IPS, SIP ALG Disabled. 

This is 2 separate BPX providers for 2 entities using the same firewall. 

Multipath rules for both is set to Use Primary link. Only skip rule if interface is in error. 

Masquerading For both Vlan interfaces is set to Uplink interfaces. 

There are more interface rules but does this matter does not involve them.

The Cause of issue.

The Secondary Link is "flapping" ISP is investigating matter. (link goes down randomly between 20 Sec and up to 10 Min) 

Primary Link stable.

The issue.

When the secondary link Goes offline, a lot of the phones will randomly discconect from the hosted PABX providers. Both vlan 2 and 17. 

They will reconnect but takes some time. This happens each time the secondary link drops. *primary is up and stable

When i monitor by interface, there are no traffic goin to the secondary link from any of these 2 vlans. 

What i have tried.

I have changed the Masquerading to force both Vlans to the primary link.

I have changed the LAN also to only connect over primary

The only time the issue goes away, is when we physically unplug or turn off the interface on the UTM. 

The ISP is working in resolving the matter on their end. however it should not cause the phones to go offline.

Any suggestions as to what i have misconfigured. 



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Darius,

    If you're still having problems, tell us what you learn from doing #1 in Rulz (last updated 2021-02-16).

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi There,

    UDP is disabled. But i have built in exclusions. (PIC)

    But i have no issues with Voice Quality. The Phones completely loses connection to the SIP servers. Then takes a couple of min to reconnect each time the secondary line drops. and if the line stays off. no issues. but if the line comes up again and drops. They experience issues again. I am going to do a tcp dump of the secondary wan to try and figure out what traffic is coming from the 2 vlans to that nic. there  is not supposed to be any...