Ping through PBF Policy intermittently dying


L4 Transporter

I think this might be related to DoS protection somehow, but I can't find anything being blocked in any of the logs. I'm sure I'm not looking in the right spot, though.

We have a normal Internet gateway (default route), and a separate point-to-point connection to a SIP provider.

I have a PBF Policy in place that forwards VoIP traffic through the ptp link, along with the two sets of NAT/Security Policies to allow traffic through both the Internet gateway and the ptp link. That's all working nicely, including the fail-over (link monitoring).

I have another PBF Policy in place that forwards pings from our network monitoring server to the SIP provider's router and PBXes through the ptp link, along with the NAT/Security Policies to allow traffic through both links. It sends 5 ping requests every minute.

Every now and then, I get alerts that the VoIP router is down as there are no ping responses coming back. The PBF Policies are listed as Active, and VoIP traffic is going through correctly. But there are no sessions listed for traffic between the monitor IP and the router IP. Then a few minutes later, I get the alert that things are working again. The PBF Policy is still listed as Active, but now there are sessions showing the ping traffic.

I'm at a loss as to why the ping packets are not making it through the firewall all the time. The only thing I can think of is DoS protections, but I don't have any DoS Protection Policies configured, or Zone Protection Profiles enabled. There's nothing showing in the Threats log, nor anything listed as Deny in the Traffic log. The MAC of the VoIP router never changes and is always listed in "show arp" on the right interface.

When the network monitor shows the VoIP router as being "up", there are sessions shown on the firewall. When it's shown as "down" there are no sessions shown on the firewall, and the pings are being dropped. I just can't figure out where.

Where else can I look to see why these pings are being dropped?

2 REPLIES

L4 Transporter

Hrm, doing a Packet Capture, I see the ping packets in the drop.pcap, so there's definitely something blocking the pings.

I just can't figure out what or why. 😞

Hrm, this may be due to the NAT Policy and my misunderstanding of the different Source NAT options. Changing the Source NAT type to Dynamic IP and Port makes it work.

It was originally set to just Dynamic IP as I didn't want the source port to change, but that seems to be preventing it from sending pings sometimes (maybe one of the other two stations using that same public IP is using that port?).

So far, things are working much better. Will have to monitor for a while longer to make sure this was the issue.
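A simplified model of the collision the poster suspects, added here as an illustration; it is not PAN-OS code or the poster's configuration, and a real firewall's pool handling may differ. It assumes one shared public IP and two inside hosts pinging the same router with the same ICMP echo identifier (which stands in for a source port in ICMP); all addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Key = Tuple[str, int, str]  # (public_ip, public_icmp_id, dst_ip) as seen on the wire


@dataclass
class SourceNat:
    """Toy source-NAT with a single public IP, translating ICMP echo requests.

    mode == "dynamic-ip": rewrite the source IP only; the echo identifier is kept.
    mode == "dipp":       rewrite the source IP and the echo identifier.
    """
    public_ip: str
    mode: str
    table: Dict[Key, Tuple[str, int]] = field(default_factory=dict)  # key -> (src_ip, orig_id)

    def translate(self, src_ip: str, icmp_id: int, dst_ip: str) -> Optional[Tuple[str, int]]:
        """Return (public_ip, public_id) used on the wire, or None when no
        translation can be created, i.e. the packet is dropped."""
        flow = (src_ip, icmp_id)
        if self.mode == "dynamic-ip":
            key = (self.public_ip, icmp_id, dst_ip)
            owner = self.table.get(key)
            if owner is not None and owner != flow:
                return None  # another inside host already holds this public tuple
            self.table[key] = flow
            return self.public_ip, icmp_id
        if self.mode == "dipp":
            for key, owner in self.table.items():  # reuse an existing mapping
                if owner == flow and key[2] == dst_ip:
                    return key[0], key[1]
            for step in range(65536):  # otherwise allocate the first free identifier
                public_id = (icmp_id + step) % 65536
                key = (self.public_ip, public_id, dst_ip)
                if key not in self.table:
                    self.table[key] = flow
                    return self.public_ip, public_id
            return None  # all identifiers toward this destination are in use
        raise ValueError(f"unknown mode {self.mode!r}")


def demo(mode: str) -> list:
    """A workstation pings the VoIP router first, then the monitoring server
    sends its probe with the same identifier; None means the probe was dropped."""
    nat = SourceNat(public_ip="203.0.113.10", mode=mode)  # constructed addresses
    other = nat.translate("10.0.0.9", 1, "198.51.100.1")
    monitor = nat.translate("10.0.0.5", 1, "198.51.100.1")
    return [other, monitor]


if __name__ == "__main__":
    print("dynamic-ip:", demo("dynamic-ip"))
    print("dipp:      ", demo("dipp"))
```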
