VoIP Registrations being dropped

Hi all,

Need some help with a strange issue with VoIP registrations dropping.

Current setup
Netgate 4100
WAN1 – PPPoE with ISP
WAN2- PPPoE with ISP
LAN is configured with multiple VLANs
Primary LAN:
Guest LAN (VLAN50):

All switching is Unifi

Both WANS have the gateway monitoring action & monitoring disabled.
Firewall Optimization options- Conservative
Load Balancing – Sticky Connections is enabled.
This system used to work perfectly fine, we have VoIP traffic to go via a specific gateway, ever since we updated to 23.05 clients VoIP phones keep dropping registration. We have tried the below on VoIP side, So if were to login to the yealink phone the phone would appear registered and after some time registration failed.

-The same phones registers on another Pfsense network fine and don’t drop registration.
-Reducing SIP registration on phones to 360 from 3600, registration still times out intermittently.
-Changing from UDP to TCP registration, same issues

Any advise is appreciated, as I am stumped with this.

Does your VoIP provider have a tool to test the your network? We use GoTo and they have to tool to identify any issues.

Go to NAT > Create a hybrid NAT rule that sets ports static during NAT.

I have noticed this in the firewall logs, with the Public IP of the PBX showing.

I dont understand why it needs a port forward we have other pfsense with the same phone system that hasnt required anything different to this.

Would all the phones having the same local port cause an issue? or can pfsense handle this?

I think this calls for a an actual packet capture on one of the phones whenever the registration is failing to figure out the root cause. Pfsense has a packet capture feature. Once the phone loses registration, stop the capture and look at it with wireshark.

thanks, switching half the phones to TCP and the other half to UDP Seems to have sorted it but this happened last time and the issue re-emerged. Thanks for your help

Did you try what I suggested about the static NAT? I am not talking about port forwarding, I am talking about outbound NAT keeping a static port instead of randomizing it (default in pfsense). And yes, source port is to be expected to be identical, depending on the service.