Magicjack. . .ISA blocking VOIP ports?

Magicjack. . .ISA blocking VOIP ports? (Full Version)

All Forums >> [ISA Server 2004 General ] >> General

Message

TechFan -> Magicjack. . .ISA blocking VOIP ports? (20.May2008 1:56:11 AM)
I just got a MagicJack and was hoping to test it on our network, but I can't get it to work behind our ISA 2004 firewall. The tech support says that our network is blocking ports 5060-5070 somehow. I checked with our ISP's and they are not blocking those ports. We have a dual wan router outside our ISA. When I connect a machine directly to that subnetwork, the magicjack works fine, so it has to be something with our ISA firewall setup. I created an outgoing rule to allow ALL from a specific host (where testing the Magicjack), but it still doesn't work. I even tried disabling ALL (incoming/outgoing) other rules. Still nothing. What can be blocking this from working when I am specifically allowing access?

Rotorblade -> RE: Magicjack. . .ISA blocking VOIP ports? (20.May2008 3:13:52 PM)
Did you define the protocol with the proper port range? Is the client using the Firewall client? RB

TechFan -> RE: Magicjack. . .ISA blocking VOIP ports? (20.May2008 4:25:07 PM)
No. I currently have a rule allowing all traffic from the testing host. The firewall client is not being used either, but as I said ALL traffic is allowed.

Rotorblade -> RE: Magicjack. . .ISA blocking VOIP ports? (20.May2008 9:10:20 PM)
Ok, 1. Define the protocol with the proper port ranges. 2. Create an Access rule to allow protocol access. 3. Install the ISA firewall client or SecureNAT client on the client(s) running the VOIP application. The client using the applictaion is not going very far without using the firewall client. HTH RB

TechFan -> RE: Magicjack. . .ISA blocking VOIP ports? (20.May2008 9:50:09 PM)
I will set it up. I would appreciate any info you have on why it would make a difference if the protocol is defined or the client installed if there is an access rule that allows ALL traffic from that specific host IP address. One of the two of us must be missing something obvious, maybe it is me. ----- MCSE(NT4,2000,2003)

Rotorblade -> RE: Magicjack. . .ISA blocking VOIP ports? (21.May2008 8:51:38 AM)
quote: I will set it up. I would appreciate any info you have on why it would make a difference if the protocol is defined or the client installed if there is an access rule that allows ALL traffic from that specific host IP address. Sure, Without installing either the ISA Firewall or SecureNAT client on the client machines running the application, no access is going to be made to the Internet through ISA using the application. WebProxy client access is limited to Web protocols only. Preferably you should consider using the Firewall client over the SecureNAT client. Using the SecureNAT client limits you to anonymous access only in your access rules. Regarding the “All Open”. Unless you’re planning on allowing “all open” access all the time, (which you shouldn’t do) you will need to define the protocol and the associated access rule in the ISA firewall policy. It’s just one of those best-practices things that you should follow. HTH RB

TechFan -> RE: Magicjack. . .ISA blocking VOIP ports? (21.May2008 9:40:16 AM)
I set up the protocol definition, but I didn't have a chance to setup a machine with the client today. Yes, I understand I shouldn't always have it all open, but I don't even bother with the specific rule unless I can get it working "all open" first. That is why I don't see how a specific rule is going to help if the all open doesn't. It is all open for anonymous access on that machine. . .

TechFan -> RE: Magicjack. . .ISA blocking VOIP ports? (22.May2008 3:32:32 AM)
Ok. Well, I installed the client and created the protocol. It is still failing as before. Looking closer at the logs shows this entry: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake. 0x80074e20. Again, it works fine if I connect it outside the ISA layer. Any ideas?

TechFan -> RE: Magicjack. . .ISA blocking VOIP ports? (26.May2008 9:44:38 AM)
It looks like it is the dreaded ISA SIP issues with 5060. . .that stinks. I guess I have to return this thing since my primary access is through that ISA server. . .and to far away from the actual ISP connection to place it outside. What I don't get is how products like Gizmo (also SIP based) work just fine.

ksaye -> RE: Magicjack. . .ISA blocking VOIP ports? (23.May2010 11:36:24 PM)
For others who are having this issue, I have documented how to get this working below: Allowing MagicJack through ISA/TMG This setup assumes you have a working TMG2010 server, but the steps should work with ISA as well. In my particular case, I decided to run the MagicJack device on the TMG server, but I also tested in on a machine (Windows7, x64) behind the TMG server also. Assumptions: TMG is up and working There is already a rule that allows the TMG server and machines behind the TMG server to communicate with the internet using HTTP and HTTPS. The rule that we will create below should be very high in the order list, to ensure that no other rule applies, as the UDP “send receive” setting is required. TMG Rule Setup: We will simply create a Firewall Rule named “MagicJack” that allows outbound communication (and replies) on UDP port 5070 (needed for registration and connection) and allows for UDP communication on ports above 10,000 (needed for voice communication). Step 1: Create a new Access Rule (in TMG, right click Firewall Policy è New è Access Rule). Step 2: Name the rule “MagicJack” and click next. Step 3: Set the rule action to “Allow” and click next. Step 4: On the select protocols, click add and create (and add) the following 2 Protocols. · Name: Magic Jack, Protocol: UDP, Direction: Send Receive, Ports: from 5070 to 5070 · Name: UDP 10K+, Protocol: UDP, Direction: Send Receive, Ports: from 10000 to 65535 Step 5: On the Access Rule Source screen, select “Local Host” (or Internal if not running on TMG server) and click next. Step 6: On the Access Rule Destination screen, select “External” and “Local Host” and click next. Step 7: On the User Sets screen, leave the “All Users” and click next. Step 8: Click finished then click the apply button to apply changes. TMG may take a few minutes to apply.

TechFan -> RE: Magicjack. . .ISA blocking VOIP ports? (25.May2010 1:56:09 AM)
Thank you. It seems to be working now.

Page: [1]