Troubleshooting dropouts for video conferencing applications like Microsoft Teams
07/27/2020 69 2741
Video conferencing allows people at two or more locations to see and hear each other at the same time, using computer and communications technology. They exchange visual information with Webcams (digital video cameras) and streaming video. Audio content may be distributed via computer or the telephone system. Some of the popular applications like Skype for business, Zoom, Microsoft Teams can be used for the same.
Real-time video sharing consumes much more network bandwidth than other forms of conferencing. The higher resolution of the video being broadcast, the more difficult it is to maintain a reliable stream free of dropped frames or frame corruptions, particularly over Internet connections.
While present behind a SonicWall firewall, if you are experiencing connection dropouts, the following steps can be taken to ensure a better connectivity.
UDP Flood protection:
UDP Flood Attacks are a type of denial-of-service (DoS) attack. They are initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the victimized system’s resources are consumed with handling the attacking packets, which eventually causes the system to be unreachable by other clients.
SonicWall UDP Flood Protection defends against these attacks by using a “watch and block” method. The appliance monitors UDP traffic to a specified destination. If the rate of UDP packets per second exceeds the allowed threshold for a specified duration of time, the appliance drops subsequent UDP packets to protect against a flood attack.
The video conferencing applications utilize a large UDP packets for voice and video conferencing. So, it is essential to set a right value so that legitimate traffic does not dropped being flagged as a flood.
You can either disable UDP flood protection, or set a higher UDP Flood Attack Threshold (UDP Packets / Sec). The default value is 1000. Based on your environment you can increase this to 5000 or 10,000 and test what works for your setup.
To make these changes:
- Navigate to MANAGE | Firewall Settings | Flood protection | UDP tab.
- Either use the 'Enable UDP Flood Protection' checkbox to disable the feature completely.
- Or you can also adjust the 'UDP Flood Attack Threshold (UDP Packets / Sec)' value appropriately.
The application control feature includes signatures for various applications like Microsoft Teams, Zoom, Skype and they are spread in various categories.
- Navigate to MANAGE | Rules | App control tab.
- Make sure that all the signatures for the application are in disabled state for block. Use the viewed by: selected to signature to check the same.
Disable DPI on access rule:
Most of these applications use HTTP/HTTPS connections and then custom ports for audio/video connections.
EXAMPLE: Microsoft Teams uses the following ports:
Teams Audio – TCP & UDP – 50000 – 50019
Teams Video – TCP & UDP – 50020 – 50039
Teams Sharing – TCP & UDP – 50040 – 50059
Teams UDP – 3478-3481
You can add separate service objects and group them together in a service group that can then be used in an Firewall access rule as the service. Please refer to How Can I Configure Service Objects? for more details on service objects and groups.
The disable DPI excludes these ports from being inspected against all security services which might cause delay or disruption or quality issues with audio/video services.
You can refer to the link below on how to disable DPI on an access rule How To Disable DPI For Firewall Access Rules
NOTE: If you are still experiencing dropouts, you can perform a packet capture while using the application so that the support team can help you investigate this issue further. Please refer to How Can I Setup And Utilize The Packet Monitor Feature For Troubleshooting? for more details.
There are two ways to contact technical support:
1. Online: Visit mysonicwall.com. Once logged in select Resources & Support | Support | Create Case.
2. By phone: please use our toll-free number at 1-888-793-2830. Please have your SonicWall serial number available to create a new support case.
If you do not have a mysonicwall.com account create one for free!