Hi to all,
I hope that someone can point me to the right direction to fix this problem in a production environment, this is my situation:
- a fritzbox VDSL router on top of the connections
- next I have a PFSENSE 2.4.2-RELEASE-p1 (amd64) virtualized in a KVM HA CLUSTER environment with 2 dedicated nics WAN and LAN on the same phisical NIC
- FREEPBX behind PFSENSE virtualized in the same cluster.
- all my extensions are fanvil x4g phones
the freepbx is in the same subnet as all the 40 ip phones connected trough a gigabit switch, everything is fast and dedicated to this voip configuration without mixing data with sip. in this freepbx I have 4 pjsip trunks to the external world. I don’t need to connect remote extensions or strange things, simply local traffic and 4 pjsip trunks.
I have followed the tutorials about “disable source port rewriting” “Firewall Optimizzation Options: Conservative” and “firewal scrub” with no solution in pfsense.
This is what happens: let’s say I just restarted everything (freepbx and pfsense) at an initial stage everything works flawless but after ten minutes of massive calls(we have a call center) incoming calls (and not outgoing) starts to LAG around 2 seconds, then after restarting pfsense the LAG disappears. I noticed that if I restart a single fanvil then LAG will disappear for that particular phone for some time, no problems with outgoing calls that works perfectly.
I really cannot figure out of this and I’m receiving a lot of pression from my colleagues cause we have just migrated from multi BRI environment that obviously was very stable but very very very expensive and with a lot of limitations if compared to this new technology 
hope to fix this in some way, I think that this is related to pfsense cause if I put the freepbx behind the fritzbox I don’t have such problems but I’m not sure cause is difficult to investigate. something strange is that with soft phones this is not happening