Ring Central PC Apps will NOT work...unless on SSLVPN :x

One of my customers on a Watchguard T70 (latest firmware) is migrating to Ring Central. Hard phones work fine, no issues at all. App will not work at all. I have been working on this for weeks, Support is unable to figure it out. I am baffled.

Neither the Ring Central app itself nor the Teams Ring Central plugin (which is what they prefer to use) will make calls. It says Outgoing calls are disabled.

If the user on a PC inside the company connects the SSLVPN - the apps start working
If I plug directly into modem - the apps work
Nothing else I have tried has worked.

What I've done for testing:
Disabled all proxies
Disabled all subscription services
Whitelisted Ringcentral everything
Moved Outgoing policy to top
Tried difference external IP in NAT
Setup ANY policy and put on top
Plugged directly into WG to bypass all switches

Nothing I do but connect the VPN will work. But I have 2 other clients that use Ring Central and required no special setups for it to just work fine....

Ahhhhhh!!!!!!!

This office is connected to 7 other offices with a BOVPN
This office is the MAIN office
None of the other offices work either
I sign into Ring Central on my PC at my office (Watchguard T20), works just fine!

This is driving me nuts. The SSLVPN Any policy should be no different than using a standard ANY policy and putting it on top. Support said the only difference is when using the VPN I am tunneled through whatever switches the PC's may be going through, but I already tried direct into the WG and it still didn't work.

Please help if you have any ideas!!!

Firewall shows all green traffic for the policies I am logging during testing any policies etc

Comments

  • edited October 2023

    Here is a real kicker too.

    If I connect the VPN and make a call then disconnect the VPN, I can sometimes make another call. Occasionally the indicator will stay green but the calls don't work but if I keep trying sometimes a random call does go through, but eventually within 10 minutes the call indicator turns grey and its completely dead after that.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Chaospinhead

    If the firewall is showing allows, I would make a guess that there's something the client you're using isn't sending, or isn't routable for some reason. The logs from the RingCentral app might provide some data on what's actually wrong here, if they're available.

    Moving to the SSLVPN from inside the network would change the IP address base -- if there's a conflict there somehow, that might be NATing it out of that situation.

    -James Carson
    WatchGuard Customer Support

  • We are unable to figure it out. There are 6 other offices that are BOVPN with this office and all 6 of them the apps work just fine! It driving me nuts. We are having issues with some of the phones too now that we have switched them out. When a call comes in to certain phones the phones "lose service" instead of ringing, then regain service about 30 seconds later. Not sure if that's even related. It feels like it shouldn't be this hard to figure out. I have used PC's connected to 3 different switches, set static ips/vlans, plugged direct into watchguard, direct into modem and the only time they work is on the VPN or direct in the modem. It has to be the Watchguard or some setting in it :(

  • The only thing that comes to mind is with a VPN, the data portion of a packet is reduced because of encapsulation.

    So could this be a MTU issue on your external interface ?

  • It ended up being an MTU issue but not how we thought. A long time ago we had a 4G backup internet device and the MTU on the interface for that port was set to 1458. It's been that way for years. We recently stopped using that device so I turned that port into a lan port without remembering the MTU was set differently. After plugging a switch into that port and the whole network going down and me remembering that port had a different MTU at one time I went and changed the MTU on that port just to fix the other issue. This inadvertantly fixed all the issues even though nothing was plugged into that port all along for the last couple months...just it being there, was messing up Ring Central, and only Ring Central... Super frustrating

Sign In to comment.