Fax Issues with new firewall

Running FreePBX 5.211 and Asterisk 11. Flowroute is our provider. Installed FaxPro two months ago and things have been going great. I recently replaced a hacked Netgear WRT54GL “firewall” with a SonicWall TZ210. Since the switch, all phone calls are working great, but faxes quite working. I haven’t changed anything on FreePBX, Flowroute, or the e-mail address that faxes get sent to…so I’m assuming its something with the new firewall. When I try to receive a fax, I get the following readout in the log files:

[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:3] Set(“SIP/Flowroute-0000098e”, “FAX_ATTACH_FORMAT=pdf”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:4] Set(“SIP/Flowroute-0000098e”, “FAX_RX_EMAIL=b********[email protected]”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:5] Set(“SIP/Flowroute-0000098e”, “ARIUSER=8”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:6] AGI(“SIP/Flowroute-0000098e”, “fax.agi”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] res_agi.c: – Launched AGI Script /var/lib/asterisk/agi-bin/fax.agi
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] res_agi.c: – <SIP/Flowroute-0000098e>AGI Script fax.agi completed, returning 0
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:7] Goto(“SIP/Flowroute-0000098e”, “s,receivefax”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Goto (ext-fax,s,3)
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:3] StopPlayTones(“SIP/Flowroute-0000098e”, “”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:4] ReceiveFAX(“SIP/Flowroute-0000098e”, “/var/spool/asterisk/fax/1418944038.5476.tif,f”) in new stack
[2014-12-18 16:07:18] VERBOSE[38101][C-0000043f] res_fax.c: – Channel ‘SIP/Flowroute-0000098e’ receiving FAX ‘/var/spool/asterisk/fax/1418944038.5476.tif’
[2014-12-18 16:07:21] VERBOSE[38101][C-0000043f] netsock2.c: == Using UDPTL TOS bits 184
[2014-12-18 16:07:21] VERBOSE[38101][C-0000043f] netsock2.c: == Using UDPTL CoS mark 5
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:5] ExecIf(“SIP/Flowroute-0000098e”, “1?Set(FAXSTATUS=“FAILED: error: Disconnected after permitted retries statusstr: Disconnected after permitted retries”)”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:6] Hangup(“SIP/Flowroute-0000098e”, “”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: == Spawn extension (ext-fax, s, 6) exited non-zero on ‘SIP/Flowroute-0000098e’
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:1] GotoIf(“SIP/Flowroute-0000098e”, “1?failed”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Goto (ext-fax,h,103)
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:103] NoOp(“SIP/Flowroute-0000098e”, “FAX “FAILED: error: Disconnected after permitted retries statusstr: Disconnected after permitted retries” for: b*******[email protected] , From: “+15094570051” <+15094570051>”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:104] Macro(“SIP/Flowroute-0000098e”, “hangupcall,”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:1] GotoIf(“SIP/Flowroute-0000098e”, “1?theend”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Goto (macro-hangupcall,s,3)
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:3] ExecIf(“SIP/Flowroute-0000098e”, “0?Set(CDR(recordingfile)=)”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] pbx.c: – Executing [[email protected]:4] Hangup(“SIP/Flowroute-0000098e”, “”) in new stack
[2014-12-18 16:07:44] VERBOSE[38101][C-0000043f] app_macro.c: == Spawn extension (macro-hangupcall, s, 4) exited non-zero on ‘SIP/Flowroute-0000098e’ in macro ‘hangupcall’

Is there some port I need to open in the SonicWall? Already have RTP and SIP ports open. Anyone else running FaxPro/FreePBX behind Sonicwall that can help me?

Use the packet capture on the SonicWALL to see what it thinks it’s doing with the packets; this will help determine not only the disposition of the packets but also what port(s) are involved.

I found recently that AT&T automagically blocks some ports because they know what’s best for you…so this could be another angle (other carriers might be as well)

Also you could try allowing all traffic to Flowroute’s servers, if you can get an IP list from them you can create a group in your SWALL to allow.

I’ll be back tomorrow if you’re stuck on any of it and @dicko or someone else isn’t around. Until then, Google is your friend!

I pulled my sonicwalls a few years ago, but check and make sure you are enabling consistent NAT, and turn off any SIP Helpers or ALGs, “Enable SIP Transformations” etc.

I would endorse Preston’s position, I did the same about three years ago, just search the forums for sonicwall, they get about D- for a grade, they just can’t walk and chew gum at the same time especially if you have two pieces of gum.

(go back to your dd-wrt/tomato hacked $30 router, it worked, no?)

Thanks for the responses so far. Overall I’m very impressed with the Sonicwall compared to some of the Netgear stuff I’ve tried recently…so I’m going to keep it. Preston, I double checked everything you mentioned and it is all set correctly. I will try opening everything from Flowroute IPs like Overkill suggested. Stay tuned…

O.K…made some progress. Opened up all ports to and from FreePBX server and to and from Flowroute and no change. Opened up just ports 4000 - 4999 for t38…no change. Finally I turned off T-38 Passthrough under Asterisk SIP Settings and suddenly its working. I can now send and receive faxes. Asterisk CLI spits out a few errors, but it works.

So I’m concluding that SonicWall doesn’t like T38 transmission, or at least not the way FreePBX likes to handle it. Anyone have any clues as to why turning OFF T38 worked?

BTW…just noticed I put Netgear WRT54GL in the first post…meant Linksys. That router did work well for FreePBX applications, but it was quite slow for everything else in the office and was quickly becoming a bottleneck. Switched to a Netgear FVS318N…broke everything and shutdown every 30 minutes. SonicWall has been great so far…Fax has been the first issue and it seems to be resolved.

Thanks for the responses so far. Overall I’m very impressed with the
Sonicwall compared to some of the Netgear stuff I’ve tried recently…so
I’m going to keep it. Preston, I double checked everything you mentioned
and it is all set correctly. I will try opening everything from Flowroute
IPs like Overkill suggested. Stay tuned…