Community discussions

MikroTik App
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Config check

Thu Jun 10, 2021 2:34 pm

Hi,
Here's my config below. Does it look standard? Are the firewall rules in the correct order? Is there some things that could be done to make the port forwarding better?
My goal is to optimize VoIP traffic.

# jun/04/2021 14:27:43 by RouterOS 6.48.2
# software id = 8LB4-7SAS
#
# model = RB750Gr3
# serial number = xxxxxxxxxxxxxxx
/interface ethernet
set [ find default-name=ether1 ] comment=WAN1 mac-address=C4:AD:34:72:1D:1A \
    name=ether1-WAN1
set [ find default-name=ether2 ] comment=\
    "LAN4 (Misc: External devices: Ventilation, etc)" mac-address=\
    C4:AD:34:72:1D:1B name=ether2-LAN4
set [ find default-name=ether3 ] comment="LAN3 (FunCo Wifi)" mac-address=\
    C4:AD:34:72:1D:1C name=ether3-LAN3
set [ find default-name=ether4 ] comment="LAN2 (FunCo Business)" mac-address=\
    C4:AD:34:72:1D:1D name=ether4-LAN2
set [ find default-name=ether5 ] comment="LAN1 (Phones and PBX)" mac-address=\
    C4:AD:34:72:1D:1E name=ether5-LAN1
/interface list
add name=LAN
add name=WAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=dhcp_pool0 ranges=192.168.1.70-192.168.1.254
add name=dhcp_pool5 ranges=192.168.0.70-192.168.0.254
add name=dhcp_pool3 ranges=10.10.3.70-10.10.3.254
add name=dhcp_pool4 ranges=172.18.4.70-172.18.4.254
/ip dhcp-server
add address-pool=dhcp_pool0 disabled=no interface=ether4-LAN2 name=dhcp1
add address-pool=dhcp_pool5 interface=ether5-LAN1 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=ether3-LAN3 name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=ether2-LAN4 name=dhcp4
/queue tree
add max-limit=140M name=Upload parent=ether1-WAN1 priority=1 queue=default
add limit-at=15M max-limit=15M name=upload_pri_1 packet-mark=RTP parent=\
    Upload priority=1 queue=default
add limit-at=15M max-limit=15M name=upload_pri_2 packet-mark=SIP parent=\
    Upload priority=2 queue=default
add max-limit=110M name=upload_pri_8 packet-mark=no-mark parent=Upload queue=\
    default
add max-limit=40M name=Download-Phones parent=ether5-LAN1 priority=1 queue=\
    default
add limit-at=15M max-limit=15M name=download_pri_1 packet-mark=RTP parent=\
    Download-Phones priority=1 queue=default
add limit-at=15M max-limit=15M name=download_pri_2 packet-mark=SIP parent=\
    Download-Phones priority=2 queue=default
add limit-at=10M max-limit=10M name=download_pri_5 packet-mark=no-mark \
    parent=Download-Phones priority=5 queue=default
add limit-at=95M max-limit=95M name=Download-Business packet-mark=no-mark \
    parent=ether4-LAN2 queue=default
add limit-at=5M max-limit=5M name="Download Misc" packet-mark=no-mark parent=\
    ether2-LAN4 queue=default
/system logging action
set 1 disk-file-count=4 disk-lines-per-file=4096
add email-start-tls=yes email-to=thisIs@aTest.com name=emailBlocked target=\
    email
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add interface=ether4-LAN2 list=LAN
add interface=ether5-LAN1 list=LAN
add interface=ether1-WAN1 list=WAN
add interface=ether2-LAN4 list=LAN
add interface=ether3-LAN3 list=LAN
/ip address
add address=192.168.1.1/24 interface=ether4-LAN2 network=192.168.1.0
add address=192.168.0.1/24 interface=ether5-LAN1 network=192.168.0.0
add address=154.89.111.154/30 interface=ether1-WAN1 network=154.89.111.152
add address=172.18.4.1/24 interface=ether2-LAN4 network=172.18.4.0
add address=10.10.3.1/24 interface=ether3-LAN3 network=10.10.3.0
/ip dhcp-client
add interface=ether1-WAN1
/ip dhcp-server network
add address=10.10.3.0/24 gateway=10.10.3.1
add address=172.18.4.0/24 gateway=172.18.4.1
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.1.0/24 gateway=192.168.1.1
/ip dns
set servers=8.8.8.8,1.1.1.1
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid log=yes log-prefix=Drop_Invalid:
add action=drop chain=input comment="Block MAC e2:b5:74:48:ff:aa" log=yes \
    log-prefix=Blocked_Infected_Device: src-mac-address=E2:B5:74:48:FF:AA
add action=drop chain=input comment="Block MAC 86:3a:32:28:b6:d4" log=yes \
    log-prefix=Blocked_Infected_Device: src-mac-address=86:3A:32:28:B6:D4
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN log-prefix=Drop_All_Not_Coming_From_Lan:
add action=drop chain=forward comment=\
    "SIP Trunk: Block all except SIP Trunk provider" dst-port=35060 log=yes \
    log-prefix=Drop_IPs_Other_Than_SIP_Prov: protocol=udp src-address=\
    !199.48.65.2
add action=drop chain=forward comment="Block MAC e2:b5:74:48:ff:aa" log=yes \
    log-prefix=Blocked_Infected_Device: src-mac-address=E2:B5:74:48:FF:AA
add action=drop chain=forward comment="Block MAC 86:3a:32:28:b6:d4" log=yes \
    log-prefix=Blocked_Infected_Device: src-mac-address=86:3A:32:28:B6:D4
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related
add action=drop chain=forward comment="Drop suspicious SMTP" dst-port=25 \
    in-interface=!ether1-WAN1 log=yes log-prefix=suspicious_SMTP_client: \
    protocol=tcp src-address=!192.168.1.2
add action=add-src-to-address-list address-list=spammers \
    address-list-timeout=3h chain=forward comment=\
    "Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
    25,587,465 limit=30/1m,0:packet log=yes log-prefix=\
    Spammers_AddSpammersToList_ protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=\
    25,587,465 log=yes log-prefix=DropConnectionsInSpammersList: protocol=tcp \
    src-address-list=spammers
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether2-LAN4 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether3-LAN3
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether2-LAN4 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether4-LAN2
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether2-LAN4 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether5-LAN1
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether3-LAN3 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether2-LAN4
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether3-LAN3 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether4-LAN2
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether3-LAN3 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether5-LAN1
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether4-LAN2 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether2-LAN4
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether4-LAN2 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether3-LAN3
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether4-LAN2 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether5-LAN1
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether5-LAN1 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether2-LAN4
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether5-LAN1 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether3-LAN3
add action=drop chain=forward comment="Prevent inter LANs communications" \
    in-interface=ether5-LAN1 log=yes log-prefix=\
    Drop_Inter_LANs_Communications: out-interface=ether4-LAN2
add action=drop chain=forward comment="defconf: drop invalid 2" \
    connection-state=invalid log=yes log-prefix=Drop_Invalid:
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN log=yes log-prefix=\
    Drop_All_from_WAN_not_DSTNATed:
/ip firewall mangle
add action=mark-connection chain=forward comment="Mark the SiP connection" \
    connection-state=new log=yes log-prefix=SIP-Connection: \
    new-connection-mark=sip-connection passthrough=yes port=5060 protocol=udp
add action=mark-packet chain=forward comment="Mark the SiP packets" \
    connection-mark=sip-connection log-prefix=SIP-Packet: new-packet-mark=SIP \
    passthrough=yes
add action=mark-connection chain=forward comment="Mark the RTP connection" \
    connection-state=new log=yes log-prefix=RTP-Connection: \
    new-connection-mark=rtp-connection passthrough=yes port=16000-16511 \
    protocol=udp
add action=mark-packet chain=forward comment="Mark the RTP packets" \
    connection-mark=rtp-connection log-prefix=RTP-Packet: new-packet-mark=RTP \
    passthrough=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat comment=RTP dst-port=16000-16511 protocol=udp \
    to-addresses=192.168.0.102 to-ports=16000-16511
add action=dst-nat chain=dstnat comment=MGCP dst-port=2727 protocol=udp \
    to-addresses=192.168.0.101 to-ports=2727
add action=dst-nat chain=dstnat comment="PTAP (Base and Remote Phones)" \
    dst-port=9300 protocol=udp to-addresses=192.168.0.101 to-ports=9300
add action=dst-nat chain=dstnat comment="SIP TRUNK" dst-port=35060 protocol=\
    udp src-address=199.48.65.2 to-addresses=192.168.0.101 to-ports=35060
add action=dst-nat chain=dstnat comment="SIP (Mobile Softphone)" dst-port=\
    36060 protocol=udp to-addresses=192.168.0.101 to-ports=5060
add action=dst-nat chain=dstnat comment="PBX Remote (https://)" dst-port=5780 \
    protocol=tcp to-addresses=192.168.0.101 to-ports=443
/ip firewall service-port
set h323 disabled=yes
set sip disabled=yes
/ip route
add distance=1 gateway=154.89.111.153
/system clock
set time-zone-autodetect=no time-zone-name=America/Moncton
/system logging
add action=disk topics=critical
add action=disk topics=error
add action=disk topics=info
add action=disk topics=warning
add action=emailBlocked disabled=yes prefix="Blocked Infected Device_" \
    topics=info,firewall,critical,error,warning
/system ntp client
set enabled=yes server-dns-names=pool.ntp.org
/tool e-mail
set address=smtp.gmail.com from=thisIs@aTest.com port=587 start-tls=yes \
    user=thisIs@aTest.com
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Thu Jun 10, 2021 5:43 pm

on all network DNS missing
/ip dhcp-server network
add address=10.10.3.0/24 gateway=10.10.3.1
add address=172.18.4.0/24 gateway=172.18.4.1
add address=192.168.0.0/24 gateway=192.168.0.1
add address=192.168.1.0/24 gateway=192.168.1.1


instead to have all the rule for block LANx to LANy better block all not LANx->WAN
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Thu Jun 10, 2021 8:03 pm

Hi rextended,
Thanks for the answer.

on all network DNS missing

I did set DNS here though:
/ip dns
set servers=8.8.8.8,1.1.1.1

Does it have to be explicitly set also in /ip dhcp-server network?

instead to have all the rule for block LANx to LANy better block all not LANx->WAN
Well, I don't want the different LANs to be able to speak with each other, so I'd better keep those rules, right?
Although, like you said I could add a rule to block all devices, not in one of the LANs, to go to the WAN. Is that how we do this?:

add action=drop chain=forward \
in-interface-list=!LAN \
out-interface-list=WAN



Or I think it would be better like this right? :

/ip firewall address-list
add address=192.168.1.0/24 list="Our LANs"
add address=192.168.0.0/24 list="Our LANs"
add address=172.18.4.0/24 list="Our LANs"
add address=10.10.3.0/24 list="Our LANs"

add action=drop chain=forward out-interface=ether1-WAN1 src-address-list="!Our LANs"
Last edited by JimLafleur on Thu Jun 10, 2021 8:21 pm, edited 1 time in total.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Thu Jun 10, 2021 8:19 pm

>>> Does it have to be explicitly set also in /ip dhcp-server network?
Yes, or the device connected at dhcp server do not get any DNS

>>> I did set DNS here though:
>>> /ip dns set servers=8.8.8.8,1.1.1.1
there are DNS used only for internal RouterBOARD name resolution



>>> Well, I don't want the different LANs to be able to speak with each other
as I write: instead to have all the rule for block LANx to LANy better block all not LANx->WAN
is better to have one rule for each LAN than one rule for all LAN possible combinations
instead block LAN1 to LAN2, LAN1 to LAN3 .... LAN4 to LAN1, LAN4 to LAN2, LAN4 to LAN3, etc. etc. etc.
block on forward the LAN traffic NOT directed to group WAN (all non-WAN are other LAN...)

>>> so I'd better keep those rules, right?
No...

>>> Although, like you said I could add a rule to block all devices, not in one of the LANs, to go to the WAN. Is that how we do this?:
>>> add action=drop chain=forward in-interface-list=!LAN out-interface-list=WAN
(this rule drop all traffic to WAN not coming to LAN = drop all traffic coming to WAN directed to.... WAN!!!)

not, the "opposite":

add action=drop chain=forward in-interface-list=LAN out-interface-list=!WAN
all traffic NOT directed to WAN (and locally on router because traffic to the router use input, not forward) = all traffic directed to other LANs
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Thu Jun 10, 2021 9:33 pm

So I could replace this: A:
add action=drop chain=forward in-interface=ether2-LAN4 out-interface=ether3-LAN3
add action=drop chain=forward in-interface=ether2-LAN4 out-interface=ether4-LAN2
add action=drop chain=forward in-interface=ether2-LAN4 out-interface=ether5-LAN1
add action=drop chain=forward in-interface=ether3-LAN3 out-interface=ether2-LAN4
add action=drop chain=forward in-interface=ether3-LAN3 out-interface=ether4-LAN2
add action=drop chain=forward in-interface=ether3-LAN3 out-interface=ether5-LAN1
add action=drop chain=forward in-interface=ether4-LAN2 out-interface=ether2-LAN4
add action=drop chain=forward in-interface=ether4-LAN2 out-interface=ether3-LAN3
add action=drop chain=forward in-interface=ether4-LAN2 out-interface=ether5-LAN1
add action=drop chain=forward in-interface=ether5-LAN1 out-interface=ether2-LAN4
add action=drop chain=forward in-interface=ether5-LAN1 out-interface=ether3-LAN3
add action=drop chain=forward in-interface=ether5-LAN1 out-interface=ether4-LAN2

With this, correct? B:
add action=drop chain=forward in-interface-list=LAN out-interface-list=!WAN

Could A: cause any problems? Or is it just to make the config more tidy?

Thanks
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Thu Jun 10, 2021 9:40 pm

>>> Does it have to be explicitly set also in /ip dhcp-server network?
Yes, or the device connected at dhcp server do not get any DNS

>>> I did set DNS here though:
>>> /ip dns set servers=8.8.8.8,1.1.1.1
there are DNS used only for internal RouterBOARD name resolution


Weird. Although it's not set, all my devices (on DHCP) show 8.8.8.8,1.1.1.1 in ipconfig / all and can access the internet.
I did check it with Fing Desktop also:
2021-06-10 15_36_13-Window.png
You do not have the required permissions to view the files attached to this post.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Thu Jun 10, 2021 11:06 pm

About this, MikroTik add "no DNS" options on dhcp server network
on 6.42 (2018 / 04 / 20)
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns"
and fix it on 6.42.2 (2018 / 05 / 17)
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;

That change default behavior.

pre 6.42
if not specified, no DNS are passed

from 6.42(.2)
if you do not set the DNS on dhcp-server network, the dhcp server give DNS at the client like are dynamics
first the ip of the ruoter itself if allow-remote-request on DNS are yes
then followed by static DNS on /ip dns
then dynamic DNS on /ip dns, like IP received from PPPoE connection or other type of dynamic WAN
The option "no DNS" are added for not give DNS if not wanted, like previous behavior

Sometime I forget that I have write before, because I prefer to set manually the DNS passed (the routerboard itself) for manage the DNS request.
For example, if for error you set 8.4.4.8 on /ip DNS instead of 8.8.4.4 or for some reason your provider give you wrong IP,
the dhcp client still with wrong dns until the lease expire,
if you set the right DNS on dhcp server network, you can experiment without problems
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Fri Jun 11, 2021 12:28 am

For example, if for error you set 8.4.4.8 on /ip DNS instead of 8.8.4.4 or for some reason your provider give you wrong IP,
the dhcp client still with wrong dns until the lease expire,
if you set the right DNS on dhcp server network, you can experiment without problems
Makes sense. Sounds like a good practice to set the DNS directly into the DHCP server, then. I'll add it. Thanks for that!

Did you see my last question about the rules to block the inter-lan comms?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Fri Jun 11, 2021 12:40 am

Did you see my last question about the rules to block the inter-lan comms?
Sorry, I forgot, now I read and reply
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Fri Jun 11, 2021 12:44 am

So I could replace this: A:
add action=drop chain=forward in-interface=ether2-LAN4 out-interface=ether3-LAN3
add action=drop chain=forward in-interface=ether2-LAN4 out-interface=ether4-LAN2
...
add action=drop chain=forward in-interface=ether5-LAN1 out-interface=ether3-LAN3
add action=drop chain=forward in-interface=ether5-LAN1 out-interface=ether4-LAN2

With this, correct? B:
add action=drop chain=forward in-interface-list=LAN out-interface-list=!WAN

Could A: cause any problems? Or is it just to make the config more tidy?

Thanks
Yes, because semplify all possible configuration, simply requere on interface group than WAN and LAN must be set exactly.
if the rule is on FORWARD, traffic go inside and return outside the routerboard are still permitted exacly as before.
the rule simply say: if you do not want go to internet or to routerboard, you go nowere!

And what happe if for some time or forever I need traffic from LAN4 to LAN3 (And vice-versa) simply two rules before the drop:
add action=accept chain=forward in-interface=ether2-LAN4 out-interface=ether3-LAN3
add action=accept chain=forward in-interface=ether3-LAN3 out-interface=ether2-LAN4
(also can be specified single service or single IP or both IP)

see this table:
example.png
the best synthesis for forbid traffic on forward between LANs is...
drop forward traffic from LAN if destined to another LAN
if destined to another LAN = if the destination is NOT the WAN
finally:
drop forward traffic from LAN if the destination is NOT the WAN
add action=drop chain=forward in-interface-list=LAN out-interface-list=!WAN

for the same reason also you can write on this way
add action=drop chain=forward in-interface-list=LAN out-interface-list=LAN
but this have some disadvantages not clearly visible at the start,
just for example, iif you add one VLAN or VPN, all the LAN on LAN-list can be accessed or have access from VLAN or VPN,
using !WAN instead, this not happen, because the VLAN and the VPN do not are on WAN group...

Obvious all this do not take on consideration the other firewall filter, raw and other thousand of settings.
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Fri Jun 11, 2021 2:52 am

add action=drop chain=forward in-interface-list=LAN out-interface-list=!WAN
Wow! Thanks for the explanation. And as a plus the filters list is much more simple!

I have an issue with VoIP on the network (No-Way audio). We have a Panasonic PBX in house. It's always the same person who answers the incoming calls. 2 to 5 times a day, when she answers, she cannot hear the person and the person cannot hear her. She hangs up, the person calls back and it always work the second time. Usually no one has trouble doing outgoing calls.

I wonder if the router's config has something to do with that. Do you see something in my config that could lead to No-Way Audio on the phone system?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Fri Jun 11, 2021 2:58 am

just this: why you disable the SIP ALG/helper?
/ip firewall service-port
set sip disabled=yes


I cannot provide help on VoIP (not even for a fee), too many variables in the field. It can be any device, or any setting, that is the problem.

Open a new topic about it and I hope someone can help you ...
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Fri Jun 11, 2021 4:32 am

just this: why you disable the SIP ALG/helper?
The panasonic installers told us that SIP ALG/Helper most often cause problems with their VoIP system. So we set the port forwarding manually and disable SIP ALG/Helper.
Thanks.
 
JimLafleur
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 60
Joined: Thu Nov 19, 2020 2:35 am

Re: Config check

Fri Jun 11, 2021 3:20 pm

(Beside the VoIP)

What do you think about the QoS (Queue Tree)?
Does is look standard to you?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Config check

Fri Jun 11, 2021 4:50 pm

(Beside the VoIP)

What do you think about the QoS (Queue Tree)?
Does is look standard to you?
Nothing strange, seem all ok :)

I can't keep everything in mind, I should see it running to see if there is a problem

Who is online

Users browsing this forum: BioMax, lurker888, PBondurant and 42 guests