Monday, August 23, 2021

Fortigate in transparent mode not sending SIP (UDP-5060) packets?

We have a setup in which a specific source IP communicates to destination IP via UDP-5060.

In the topology below, you can see that it is just a basic L2/L3 connection, although from the core to the WAN routers we have a Fortigate firewall which is in transparent mode and doing L2 bridging.

Diagram: https://ibb.co/mtJjg12

This worked before; however, we recently ran into an issue in which the UDP-5060 packet being sent from the core switch is not being received by any of the WAN routers. Refer to the diagram.

We did run a packet capture on all devices: the core, the FW and the WAN routers.

a. From the core I'm seeing that packets are being forwarded to the firewall (IPS).

b. From the firewall we can also see that the packet is accepted and forwarded? However, we are not able to receive it on two of the WAN routers.

Logs from the firewall:

327.220024 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
331.220890 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
335.221877 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
340.719565 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
341.220287 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
342.221032 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551

c. WAN routers - from the router we ran a packet capture, verified the flow and added an ACL, and there is no visibility of UDP 5060.

From the above logs, does it 100% prove that it is sending the UDP 5060 packet out to the WAN router? The WAN setup is active/standby, so I failed the traffic over from active to standby; however, it is still the same.

Any idea on this issue? And is there anything that needs to be checked on the FW IPS side?

Thank you
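A small parser for sniffer lines in the format quoted above, added here as an example (it is not code from the post or from Fortinet). It counts the flow per interface and direction so that what entered the firewall can be compared with what it queued for egress; the "port1 in" lines in the sample are a constructed assumption, since the post only shows port2 output, and the sample is built inline so the script runs offline.

```python
import re
from collections import Counter

# Constructed sample modelled on the sniffer lines in the post.
# The "port1 in" lines are assumed; the post only shows "port2 out".
SAMPLE_CAPTURE = """\
327.219900 port1 in 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
327.220024 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
331.220700 port1 in 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
331.220890 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
335.221700 port1 in 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
335.221877 port2 out 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
340.719400 port1 in 172.10.10.1.5060 -> 172.20.20.200.5060: udp 551
not a sniffer line, skipped by the parser
"""

# timestamp, interface, direction, src.port -> dst.port: proto length
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) -> (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<proto>\w+) (?P<length>\d+)$"
)


def parse_capture(text):
    """Return one dict per recognised sniffer line; anything else is skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        r = m.groupdict()
        r["ts"], r["length"] = float(r["ts"]), int(r["length"])
        r["sport"], r["dport"] = int(r["sport"]), int(r["dport"])
        records.append(r)
    return records


def count_by_interface(records, proto="udp", dport=5060):
    """Packets of the flow of interest, keyed by (interface, direction)."""
    counts = Counter()
    for r in records:
        if r["proto"] == proto and r["dport"] == dport:
            counts[(r["iface"], r["dir"])] += 1
    return counts


def bridge_verdict(counts, ingress, egress):
    """Compare ingress with egress. A shortfall means the firewall dropped packets
    itself; equal counts only show the bridge handed them to the egress driver,
    not that they reached the next hop, so the wire side still needs a capture."""
    seen_in, seen_out = counts[(ingress, "in")], counts[(egress, "out")]
    return {"in": seen_in, "out": seen_out, "dropped_in_firewall": seen_in - seen_out}
```

Run it against a full `diagnose sniffer packet any` capture of the flow (both interfaces) rather than the egress-only lines shown, since a capture of port2 alone cannot show a shortfall.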
