WiFi Calling Issues with TZ270
We are having a persistent issue with a SonicWALL TZ270 that we installed about two months ago. The customer complains that they can't send or receive calls from their cell phones while connected to wireless. We have gone on-site and confirmed that when you try to call out it just sits on the call screen and never connects. Inbound calls go straight to voicemail. Happens with both Androids and iPhones. Here are the troubleshooting steps we've taken so far.
1) Updated the firmware to the latest release (7.0.1-5111). No change.
2) The issue happens with both iPhones and Android. Despite this, we tried enabling the "Preserve IKE Port . . ." setting per this KB article: https://www.sonicwall.com/support/knowledge-base/unable-to-call-via-apple-wifi-calling/170505913456806/ No change.
3) Per support, we've tried disabling DPI from LAN to WAN zone. No change.
4) Today, we pulled the SonicWALL out and hooked the old ZyXel USG20W router back up. We are going to have them test for a week to see if it stays consistent, but, so far, wireless calling works just fine on my phone, inbound and outbound. They also confirmed that they weren't having the issue prior to the SonicWALL being installed.
Anyone else run into this issue and have any thoughts? I've had years of good experiences with SonicWALL, but I'm pretty embarrassed having to apologize to my customer for this brand new device we recommended that's become such a headache at his office. I'd appreciate any guidance from the community.
TKWITS Community Legend ✭✭✭✭✭
Have you run a packet capture to see what is actually happening with the data?...
Arkwright Cybersecurity Overlord ✭✭✭
Start with the Zyxel's equivalent of Connection Monitor, see what ports/services are used whilst wifi calling.
Then check they're allowed in your Sonicwall configuration, and if it still doesn't work, do a packet capture on dropped packets only.
Hi @Protim, can you help review this and respond?
Thank you for following up @TIJU. Any help you or @Protim can offer would be greatly appreciated.
Thank you. I'll be at the customer's site tomorrow and will give that a shot.
Thank you for the tips. I was able to monitor the old (Zyxel) router and narrow down the culprit to UDP Port 4500. When I open that port up WAN>LAN on the SonicWALL, wireless calls happen flawlessly, which is great but does concern me security-wise. Is there a better way to retain the functionality without just opening up that port on the Firewall? Or am I being overly cautious? I'm not super familiar with Port 4500 but it appears to be related to NAT traversal. I'd appreciate any input from SonicWALL or the community and thanks again for your help.
The handset establishes an IPsec tunnel to the mobile provider's datacentre and then all the voice data flows across that. If you don't allow the ports it requires, it will not work. You cannot inspect the traffic in any way.
If you don't trust it then put the phones in their own network with no access to your internal resources. The provider may publish a list of IPs/FQDNs to which handsets will connect and you could allow the necessary services only to those destinations.
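The segmentation suggested in the last reply can be checked offline against a connection log before any rule is changed on the firewall. The following is an added example, not part of the thread and not SonicWall configuration: the networks, the sample flows and the function names are constructed placeholders, and UDP 500 (IKE) is included alongside the thread's UDP 4500 as an assumption about what the handset's IPsec tunnel needs.

```python
import ipaddress

# Constructed placeholders (not from the thread): substitute the real phone
# VLAN, internal LAN and the ranges your carrier publishes for WiFi calling.
PHONE_NET = ipaddress.ip_network("10.50.0.0/24")
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
PROVIDER_NETS = [ipaddress.ip_network("198.51.100.0/24")]
IPSEC_UDP_PORTS = {500, 4500}  # IKE and IPsec NAT traversal

def evaluate(flow):
    """Return (action, reason) for one outbound flow from the phone segment."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if src not in PHONE_NET:
        return "skip", "not from phone segment"
    if any(dst in net for net in INTERNAL_NETS):
        return "deny", "phone segment to internal resource"
    if flow["proto"] == "udp" and flow["dport"] in IPSEC_UDP_PORTS:
        if any(dst in net for net in PROVIDER_NETS):
            return "allow", "IPsec to listed provider range"
        return "deny", "IPsec to unlisted destination"
    return "allow", "ordinary internet egress"

def audit(flows):
    """Summarise verdicts and collect IPsec destinations missing from the list."""
    verdicts = [(f, *evaluate(f)) for f in flows]
    unlisted = sorted({f["dst"] for f, _action, reason in verdicts
                       if reason == "IPsec to unlisted destination"})
    return verdicts, unlisted

# Constructed sample flows, shaped like rows from a connection monitor export.
SAMPLE_FLOWS = [
    {"src": "10.50.0.21", "dst": "198.51.100.10", "proto": "udp", "dport": 500},
    {"src": "10.50.0.21", "dst": "198.51.100.10", "proto": "udp", "dport": 4500},
    {"src": "10.50.0.22", "dst": "203.0.113.77", "proto": "udp", "dport": 4500},
    {"src": "10.50.0.22", "dst": "192.168.1.5", "proto": "tcp", "dport": 445},
    {"src": "10.50.0.23", "dst": "203.0.113.9", "proto": "tcp", "dport": 443},
    {"src": "192.168.1.40", "dst": "198.51.100.10", "proto": "udp", "dport": 4500},
]

if __name__ == "__main__":
    verdicts, unlisted = audit(SAMPLE_FLOWS)
    for flow, action, reason in verdicts:
        print(f'{action:5} {flow["src"]} -> {flow["dst"]} '
              f'{flow["proto"]}/{flow["dport"]}: {reason}')
    print("check against carrier list:", unlisted)
```

Destinations reported as unlisted are the ones to compare with the carrier's published list before WiFi calling is declared broken or the rule is widened.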