VPN100 Routing Policy conflict problem

alban_mic
alban_mic Posts: 5
First Comment
in Security

Hi,

We have got two different Internet from different providers and we are using for Teams, Skype and Google VOIP only WAN2.

Rule looks like:

User (any) Incoming(lan1) Source(any) Destination(Microsoft) Next hop(wan2_ppp)

We have got some Microsoft teams problem but we have configured the policy correctly. When I do connectivity test everyting looks fine.

To test I added only my client routing policy route:

User (any) Incoming(lan1) Source (pc-alban_mic) Destination(Microsoft) next hop (wan1_ppp)

but my PC can not access to Microsoft IP's.

any idea?

All Replies

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    Do you have the rules in order with the rule source PC above the other rule?

  • alban_mic
    alban_mic Posts: 5
    First Comment

    source pc-alban is above than General user rule

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    What happens if Destination is any?

  • alban_mic
    alban_mic Posts: 5
    First Comment

    destination any blocking all traffik except intern LAN

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 2024

    I don't follow what is it you want to allow out on WAN1_ppp?

    have you allowed DNS?

  • alban_mic
    alban_mic Posts: 5
    First Comment
    micro_rules.png

    we have setuped a routing rule. The Microsoft Teams and Skype traffic should WAN2_PPP, the other traffic using WAN1_ppp (http, etc)

    but we could not find the reason why Microsoft teams calls freezing or why we are getting "Poor Network" messages from Microsoft Teams (BW Usage is under control)

    to check the WAN1_ppp teams performance I created a new rule. The others will be use Teams on WAN2 as usual except me. Now When I make this rule I can not access above IP ranges and teams does not work on me.

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 2024

    I'm not sure how Microsoft Teams and Skype works if it relays between everyone or tries to connect to each others IP's but you might of missed a subnet and thats why your having problems

    you may try FQDN

    *.teams.microsoft.com

    *.skypeforbusiness.com

  • alban_mic
    alban_mic Posts: 5
    First Comment

    still same, no ping to any microsoft IP

    image.png

  • PeterUK
    PeterUK Posts: 3,500  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 2024

    no ping to any microsoft IP

    This might be normal its getting Teams working is what you want 

    Not sure what teams your using but this is what I found

    FQDN list

    *live.com

    *live.net

    *microsoft.com

    *skype.com

    *skypeforbusiness.com

    *teams.microsoft.com

    *windows.com

    I'm not able to test video or mic as don't have them but think you need to allow UDP 3478 -3481

    and on PC run IPconfig /flushdns

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,284  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary

    Hello @alban_mic

    Could you please provide the device config file to us via private message for further checking? We will send you a private message later, so please check your inbox. Thank you.


    Untitled Image

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)