Outbound rules not working


#1

In the example below it looks like the outbound rules are not working. They have been ok for a long time. Upgraded to 7.1.2 recently so I’m suspecting thats where the issue is.

LAN 10.60.12.229 is our Asterisk server. All outbound traffic must go through one WAN for authentication on the other end. I normally do this with a simple outbound rule, source=10.60.12.229, algorithm=priority, WAN=Frontier. By using Priority the system still works if that WAN goes down. It doesn’t matter which WAN we use, as long as its not split.

We’ve been having trouble with outbound calls. The call will initiate but there is no audio. This usually means the RTP stream is not getting there, which is ports 10,000 - 20,000. Ports should not matter because my rule above prioritizes all ports from that LAN address. In spite of that rule, I found that some outbound traffic from that device was going to WAN:Frontier, and some was going to WAN:Cable.

I changed the rule to enforced. That should do it, right? Nope, still had the same problem.

I added rules for the ports as shown below. Even with these backup rules, the outbound sessions are being split between the WAN ports. I believe this is a bug in the new firmware.


#3

Don: Is your issue similar to this one … ?


#4

Yes that is the same issue. I was not having the problem until I upgraded to 7.1.2. I am currently only having the problem at one location on a Balance One. I have other locations with the same Balance One and 7.1.2, and at the moment they are working ok.

For now the only solution was to change one of the WAN sources to backup priority so it is effectively disabled. Obviously not a desirable solution as it reduces our WAN bandwidth.

Since opening this thread I have since found that even using ENFORCED does not properly work. I am using LAN IP and port to identify the source. Neither method is working.

Do you have a fix that I can apply? There is only one device on each LAN that requires this treatment.


#5

Is there a previous firmware 7.x that is known to work correctly? If so where can I download it?


#6

I rebooted back to 7.1.1. The rules appear to be working properly. Its only been a few hours so maybe premature, but I did not have any issues prior to 7.1.2.


#7

FYI the device I am having trouble with is a Balance One. My routing rules are based on the source IP.

In a different location I have a B380 running 7.1.2, with no issues. That location has the same type of Asterisk server, same activity. The difference is that on the B380 I have rules written based on the destination IP, instead of the source IP. Maybe that is the difference? I don’t want to upset my users by testing but could be something for you to test. The problem might not have anything to do with the hardware model.


#8

We first noted and reported this using FW 7.1.1. Maybe @sitloongs or @TK_Liew can give us an update? As mentioned in the referenced thread, it appears not to have been addressed in 8.0.0 – but I may be wrong about that.


#9

@Don_Ferrario

Would you please open a support ticket for us to further check ?


#10

I rolled back to 7.1.1, and at the same time changed my outbound rules to look at the destination IP instead of the source IP. Everything is working fine now. Others have said 7.1.1 has the same issue, so I assume the rule works ok if it is based on destination instead of source?


#11

@Don_Ferrario, I have responded below for the reported bug.

I suggest retain the needed outbound policies and reboot the Balance router which had the reported problem to confirm whether the problem persists.