Author Topic: Remote 53xx not reaching TFTP  (Read 7478 times)

Offline birdman

  • Contributer
  • *
  • Posts: 9
  • Country: ca
  • Karma: +0/-0
    • View Profile
Remote 53xx not reaching TFTP
« on: November 24, 2015, 02:48:00 PM »
I have read numerous postings about setting up remote 53xx phones and configured my firewall with the ports mentioned.  Unfortunately, I am still unsuccessful in connecting.

As a test I opened all ports to our 5000 system and the remote phone connected without any issues.

When I applied the ports the remote computer gets stuck at the TFTP Main page before continuing on to Contacting Server.

I have revisited the port numbers several times and all seems correct.

Any ideas?



Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Remote 53xx not reaching TFTP
« Reply #1 on: November 24, 2015, 06:57:33 PM »
Can you tell us what ports you need have forwarded?

My notes for MiNet phones on a basic 5000 with no expansions:

67&68/UDP
69&20001/UDP
6800-6802/TCP
3998&3999/TCP
50098-50508/UDP
6004-6261/UDP

Offline birdman

  • Contributer
  • *
  • Posts: 9
  • Country: ca
  • Karma: +0/-0
    • View Profile
Re: Remote 53xx not reaching TFTP
« Reply #2 on: November 24, 2015, 07:41:23 PM »
Hi,

Yes to all the ports mentioned plus,

TCP 5570
UDP 6604-7039

I have tried to verify via the firewall log (Fortigate 100) what ports are being used but could not find anything being blocked.

Cheers.

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Remote 53xx not reaching TFTP
« Reply #3 on: November 24, 2015, 08:17:10 PM »
Hi,

Yes to all the ports mentioned plus,

TCP 5570
UDP 6604-7039

I have tried to verify via the firewall log (Fortigate 100) what ports are being used but could not find anything being blocked.

Cheers.

5570 is only for Inter-tel inter-system networking and will not function through a firewall (they cannot be NAT'd).

6604-7039 are only for Intertel IP phones, but having them setup is not a problem.

It sounds like the firewall is the problem, sorry but I don't know much about Fortigate routers.

Offline birdman

  • Contributer
  • *
  • Posts: 9
  • Country: ca
  • Karma: +0/-0
    • View Profile
Re: Remote 53xx not reaching TFTP
« Reply #4 on: November 24, 2015, 10:45:22 PM »
Acejavelin, thanks for looking.

I figure it is firewall related also as the phone connected just fine with all ports open.

Cheers.

Offline birdman

  • Contributer
  • *
  • Posts: 9
  • Country: ca
  • Karma: +0/-0
    • View Profile
Re: Remote 53xx not reaching TFTP
« Reply #5 on: November 25, 2015, 09:28:19 AM »
My firewall guy came back with the following explanation:

The problem here is that TFTP will initiate the transfer on port 69 but will renegotiate a new data transfer port randomly with the client. This is why it works when all the ports are opened.

Is there a setting somewhere on your server where you could set a predefined port range for TFTP data transfers? If you can define a port range you could then open this range in the Fortigate.


Does this ring true and is it possible to specify a range with the 5000 system?

Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Remote 53xx not reaching TFTP
« Reply #6 on: November 25, 2015, 09:51:15 AM »
My understanding was the phone would attempt to do TFTP on 20001, and if it failed try 69, or perhaps it was the other way around... I didn't think both ports had to be open, but once the TFTP initiates a random port is used for the UDP transfer. This is how TFTP (IETF RFC 1350) works

Most firewall/routers understand TFTP and if that protocol is allowed they can inspect the packets and forward the correct ports dynamically, some routers like the Cisco Pix require minor configuration.

Maybe this will help: http://www.winagents.com/en/solutions/tftp-over-firewall.php

The port assignments for TFTP cannot be changed in the system.

How many phones are we talking about remotely, a viable solution maybe Mitel Border Gateway.

Offline birdman

  • Contributer
  • *
  • Posts: 9
  • Country: ca
  • Karma: +0/-0
    • View Profile
Re: Remote 53xx not reaching TFTP
« Reply #7 on: November 25, 2015, 01:11:35 PM »
All this for one phone. Of course, if one phone can be made to function, then several others may follow.

I opened up all the UDP ports and the TFTP connection was resolved.

Must be other issues as the contacting server screen gets stuck now.


Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4104
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Remote 53xx not reaching TFTP
« Reply #8 on: November 26, 2015, 01:35:25 AM »
Make sure you have the system NAT address defined properly in processor IP connections, and in the set you have NAT set. If you do not have the public IP defined correctly in the 5000 it could also be why TFTP doesn't work quite right... This is not in System->IP Settings, but in System->Devices and Feature Codes->IP Connections->P6000 (typically, the p6000 part might vary slightly) then set NAT IP Address to your public IP address.
« Last Edit: November 26, 2015, 01:38:57 AM by acejavelin »

Offline birdman

  • Contributer
  • *
  • Posts: 9
  • Country: ca
  • Karma: +0/-0
    • View Profile
Re: Remote 53xx not reaching TFTP
« Reply #9 on: November 30, 2015, 11:33:04 AM »
Problem solved.

Turns out the firewall settings had implemented both for incoming and outgoing connections.  When outgoing was removed the phone was able to connect fine.

Thanks for your help.


 

Sitemap 1 2 3 4 5 6 7 8 9 10