Packet capture is showing SIP traffic going on (there are some 489 Bad Event and 401 Unauthorized messages, but those appear in outgoing calls also and it still works) but RTP incoming traffic is never going through NAT, it dies on the O of the fw monitor. Output of "fw tab -t sip_registration -f" is only ever showing table header Output of "fw tab -t sip_state -f" shows mappings I am using INSIDE_PHONE_IP to SIP_PROXY_IP and reverse in a rule with sip_any allowed. Outbound calls work just fine in this setup. This leads me to believe that the voice traffic itself is dropping. The call itself is performed but nothing can be heard when doing inbound calls. The call setup phase works as we see both that the phone is registered on the SIP_PROXY_IP and that it is showing the call as working for around 60 seconds. The outgoing calls work fine because the NAT is performed correctly. Everything looks good, call is setup but the RTP traffic coming from outbound dies on the firewall public interface and is never NAT-ed to the inside phone. Setup is with SIP_PROXY_IP in the internet. I have the same problem and i've done some troubleshooting. I hope you understand the topology and can help to me. We connected remote session few times again and debugged appliance, monitored, collected to related log files. They are escalated to Diamond Service engineers. Connected 10 more times remote over session with support engineers. We tested it.Ĭreated service request on support center 45 days ago. Working without issue with Checkpoint 1490 and any other 3rd party firewall. No any drop and prevent logs on appliance. But Cannot receive the destination IP-Phones and connection active with Call Center with external source. They transferring call to B-Phones or Branch Phones. If Call Center receive call from outside.Usually receiving call from external sources to Call Center.Call from B-Phone-1 to B-Phone-2, B-Phone-2 receiving call from B-Phone-1 and cannot hear each other.(no voice) Sometimes only one way voice.and fwconn_key_init_links (OUTBOUND) failed VOIP ZOIPER V2.15 VERIFICATIONBranch-1 Network has included Hosts and they can to connect DMZ NetworkÄropping packets Reason: post lookup verification failed. A-Network and B-Networks Included hosts and they can connect to each other and for DMZ PBX Located On DMZ network (Included other servers. DMZ Network, A-Network and B-Network direct connected to Firewall It was dropping SIP 5060 port and I used SIP Security Rule for Proxy in DMZ Topology and created to related rules. Unfortunately SIP is not passing through over checkpoint. I am trying to replace Checkpoint 1490 to Checkpoint 5200 with GAIA-R80.10 Standalone deployment.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |