VPN100 Routing Policy conflict problem

Options
alban_mic
alban_mic Posts: 5
First Comment
in Security

Hi,

We have got two different Internet from different providers and we are using for Teams, Skype and Google VOIP only WAN2.

Rule looks like:

User (any) Incoming(lan1) Source(any) Destination(Microsoft) Next hop(wan2_ppp)

We have got some Microsoft teams problem but we have configured the policy correctly. When I do connectivity test everyting looks fine.

To test I added only my client routing policy route:

User (any) Incoming(lan1) Source (pc-alban_mic) Destination(Microsoft) next hop (wan1_ppp)

but my PC can not access to Microsoft IP's.

any idea?

All Replies

  • PeterUK
    PeterUK Posts: 2,770  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Do you have the rules in order with the rule source PC above the other rule?

  • alban_mic
    alban_mic Posts: 5
    First Comment
    Options

    source pc-alban is above than General user rule

  • PeterUK
    PeterUK Posts: 2,770  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    What happens if Destination is any?

  • alban_mic
    alban_mic Posts: 5
    First Comment
    Options

    destination any blocking all traffik except intern LAN

  • PeterUK
    PeterUK Posts: 2,770  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 20
    Options

    I don't follow what is it you want to allow out on WAN1_ppp?

    have you allowed DNS?

  • alban_mic
    alban_mic Posts: 5
    First Comment
    Options
    micro_rules.png

    we have setuped a routing rule. The Microsoft Teams and Skype traffic should WAN2_PPP, the other traffic using WAN1_ppp (http, etc)

    but we could not find the reason why Microsoft teams calls freezing or why we are getting "Poor Network" messages from Microsoft Teams (BW Usage is under control)

    to check the WAN1_ppp teams performance I created a new rule. The others will be use Teams on WAN2 as usual except me. Now When I make this rule I can not access above IP ranges and teams does not work on me.

  • PeterUK
    PeterUK Posts: 2,770  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 20
    Options

    I'm not sure how Microsoft Teams and Skype works if it relays between everyone or tries to connect to each others IP's but you might of missed a subnet and thats why your having problems

    you may try FQDN

    *.teams.microsoft.com

    *.skypeforbusiness.com

  • alban_mic
    alban_mic Posts: 5
    First Comment
    Options

    still same, no ping to any microsoft IP

    image.png

  • PeterUK
    PeterUK Posts: 2,770  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited March 20
    Options

    no ping to any microsoft IP

    This might be normal its getting Teams working is what you want 

    Not sure what teams your using but this is what I found

    FQDN list

    *live.com

    *live.net

    *microsoft.com

    *skype.com

    *skypeforbusiness.com

    *teams.microsoft.com

    *windows.com

    I'm not able to test video or mic as don't have them but think you need to allow UDP 3478 -3481

    and on PC run IPconfig /flushdns

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,079  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hello @alban_mic

    Could you please provide the device config file to us via private message for further checking? We will send you a private message later, so please check your inbox. Thank you.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)