Ping through PBF Policy intermittently dying

fjwcash — Mon, 19 Jun 2017 21:47:11 GMT

I think this might be related to DoS protection somehow, but I can't find anything being blocked in any of the logs. I'm sure I'm not looking in the right spot, though.

We have a normal Internet gateway (default route), and a separate point-to-point connection to a SIP provider.

I have a PBF Policy in place that forwards VoIP traffic through the ptp link. Along with the two sets of NAT/Security Policies to allow traffic through both the Internet gateway and the ptp link. That's all working nicely, including the fail-over (link monitoring).

I have another PBF Policy in place that forwards pings from our network monitoring server to the SIP providers router and PBXes through the ptp link. Along with the NAT/Security Policies to allow traffic through both links.It sends 5 ping requests every minute.

Every now and then, I get alerts that the VoIP router is down as there are no ping responses coming back. The PBF Policies are listed as Active, and VoIP traffic is going through correctly. But there are no sessions listed for traffic between the monitor IP and the router IP. Then a few minutes later, I get the alert that things are working again. The PBF Policy is still listed as Active, but now there are sessions showing the ping traffic.

I'm at a loss as to why the ping packets are not making it through the firewall all the time. The only thing I can think of is DoS protections, but I don't have any DoS Protection Policies configured, or Zone Protection Profiles enabled. There's nothing showing in the Threats log, nor anything listed as Deny in the Traffic log. The MAC of the VoIP router never changes and is always listed in "show arp" on the right interface.

When the network monitor shows the VoIP router as being "up", there are sessions shown on the firewall. When it's shown as "down" there are no sessions shown on the firewall, and the pings are being dropped. I just can't figure out where.

Where else can I look to see why these pings are being dropped?

Re: Ping through PBF Policy intermittently dying

fjwcash — Mon, 19 Jun 2017 21:51:31 GMT

Hrm, doing a Packet Capture, I see the ping packets in the drop.pcap, so there's definitely something blocking the pings.

I just can't figure out what or why. 😞

Re: Ping through PBF Policy intermittently dying

fjwcash — Mon, 19 Jun 2017 22:03:07 GMT

Hrm, this may be due to the NAT Policy and my misunderstanding of the different Source NAT options. Changing the Source NAT type to Dynamic IP and Port makes it work.

It was originally set to just Dynamic IP as I didn't want the source port to change, but that seems to be preventing it from sending pings sometimes (maybe one of the other two stations using that same public IP is using that port?).

So far, things are working much better. Will have to monitor for awhile longer to make sure this was the issue.

topic Re: Ping through PBF Policy intermittently dying in General Topics

Ping through PBF Policy intermittently dying

Re: Ping through PBF Policy intermittently dying

Re: Ping through PBF Policy intermittently dying