Can Firebox reject Dahua P2P NVR?
A Dahua NVR with P2P service to Dahua CCTV server is connected behind T15 Firebox.
After 0.5 to 1 hrs of good functioning, the Dahua NVR disappears from the network.
After reboot, the NVR is back present but again only for 30 mins... Can the NVR be rejected by the Firebox after working for +- 30 mins? Tests without Firebox show the NVR remaining on the network without issues.
Comments
What do you see in Traffic Monitor from the NVR IP addr when it disappears from the network?
Hi @Devotec
The firewall won't be able to kill an existing connection by rule, but if an appropriate deny rule is made, should stop new connections.
The connections will generally end by themselves eventually, or the connection can be interrupted to kill it (for instance, by using firewatch, rebooting the PC, or rebooting the firewall.)
-James Carson
WatchGuard Customer Support
Thx, strange behaviour, NVR does not have sleep or ECO mode, but disappears from network after 30 mins, when locally checking the connection on the screen of the NVR, with mouse, the NVR then automatically re-connects. Seems the disconnection appears when no traffic is detected? Dahua insiders told me that their NVRs remain online, there is no eco or sleep mode incorporated. Test with connecting this NVR to 4G sim card router show NVR remains 100% online then.
Maybe the Dahua P2P system-traffic is not trusted by Firebox?
PS: Traffic monitor shows nothing about this Dahua or its IP
XTM keeps track of sessions.
There is a session timeout - for TCP the global default is 60 minutes, and can be changed - either for the global value or on a specific policy.
No idea what it is for UDP, and apparently it can not be changed - supposedly from a support incident which was from a post on the old boards.
So no idea why this seems to stop after 30 mins.
You could add a TCP-UDP packet filter policy From: the IP addr of the Dahua, To: Any, and set a very large Custom Idle Time value, and see if that helps.
UDP timeout can be adjusted via CLI and I believe the timeout is 30 seconds by default. Let me go get that process from the old boards...oh, wait, I can't! I wish they would have kept the content. I'll check my server; I probably saved the procedure.
Gregg
Gregg Hill
I found the procedure in an old Spiceworks post of mine. Saving it to my server NOW!
See the "Best Answer" here:
https://community.spiceworks.com/topic/1681793-need-to-change-global-udp-timeout
Gregg
Gregg Hill
default is 30 secs, max is 10 mins, from the current CLI guide
"Traffic monitor shows nothing about this Dahua or its IP"
Do you have logging enabled on the policy it uses to go out? You need to manually enable logging for Allow policies. Once you enable logging and can see its traffic in FSM traffic monitor, leave FSM traffic monitor window open and watch what happens at 30 minutes.
Gregg
Gregg Hill