While doing a lot of asterisk setups for the last 15 years, there is one problem that keeps me busy at least one time a month and I would really like to know if I can do something about it. It happened with all asterisk versions I ever used (and that’s a lot).
So I am talking about asterisk setups behind NAT Firewalls (but without portforwardings for security reasons). Everything works fine for months or even years but at some day calls to the VoIP Provider stop working. In this case I turn debug on and I notice that asterisk is sending registers to the provider but doesn’t get any answers. It looks like the answers get filtered by the firewall. Or the register pakets get filtered in the first place.
When I have this state there are two things I can do about that:
- stop asterisk for at least five to ten minutes. It looks like if there es no traffic from asterisk for some minutes, the firewall forgets what it was grumpy about and then when I start asterisk again it works again.
or
- restart the firewall and even the router of the ISP in front of the firewall. Then it usualy starts to work again.
While I am sure that this is of course not the fault of asterisk I wonder if someone else saw something like this and if there is something I can do about that from my side or at least somthing I could tell the admins of the firewalls.
When talking about that with the firewall guys, no one was helpful here by now.
What I discovered in all these years:
- I think this behaviour happens very often with Fortigate Firewalls
- I somehow think that it got a bit better since I started to use alternative ports on my side (so bind pjsip to some random port instead of 5060). But it also happened with alternative ports. But my impression is that it happens less.
Maybe someone experienced something like this also?