https://community.checkpoint.com/t5/Firewall-and-Security-Management/VOIP-One-way-audio-Tranmission-Protocol-violiation/m-p/75129#M11663 <P>Hi,</P><P>I have seen a few questions like this asked, but OPs have either not replied or fixed their issue for their own specific environment.<BR /><BR />Customer is&nbsp;<SPAN>getting VOiP one-way audio/transmission intermittently.</SPAN></P><P>1. It is probably 1 in every 6 or 7 calls that get affected during the call (I.e. Starts off fine)<BR />2. If a call is made immediately after the call that has just had OWT in the call, the new call has OWT from the start.<BR />3. A log entry for the call that connected and had OWT part-way through, shows no errors (but I assume this is likely because the log was generated when it accepted the traffic, and won't revise itself to reflect any noticeable issues?)<BR />4. The call immediately after (which has the OWT from the get-go) is still an accept log, but has the Alert! and the same warning as posted in the OP's post - "Firewall - Protocol violation detected with protocol:(RTP), matched protocol sig_id:(1), violation sig_id:(9), (500)"<BR />5. The log that gets alerted, shows the same Interface as all the other accepts (without Alert!) but the Interface arrow points UP not DOWN - Maybe a Red Herring, but thought worth mentioning<BR />6. I have asked for a copy of their Rule that the accept log matched, which I'll add once I have it.<BR />7. NAT is being used.</P><P>&nbsp;</P><P><BR />Or is it even just a case of that the CP FW is unlikely to be the cause of the OWT?<BR /><BR />I'm trying to help a customer get to the bottom of it, they are not pointing the finger at us/Check Point but we want a prove it one way or another.<BR /><BR />Thanks,</P><P>Ben</P> Thu, 13 Feb 2020 13:16:58 GMT beneaton 2020-02-13T13:16:58Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/VOIP-One-way-audio-Tranmission-Protocol-violiation/m-p/75129#M11663 <P>Hi,</P><P>I have seen a few questions like this asked, but OPs have either not replied or fixed their issue for their own specific environment.<BR /><BR />Customer is&nbsp;<SPAN>getting VOiP one-way audio/transmission intermittently.</SPAN></P><P>1. It is probably 1 in every 6 or 7 calls that get affected during the call (I.e. Starts off fine)<BR />2. If a call is made immediately after the call that has just had OWT in the call, the new call has OWT from the start.<BR />3. A log entry for the call that connected and had OWT part-way through, shows no errors (but I assume this is likely because the log was generated when it accepted the traffic, and won't revise itself to reflect any noticeable issues?)<BR />4. The call immediately after (which has the OWT from the get-go) is still an accept log, but has the Alert! and the same warning as posted in the OP's post - "Firewall - Protocol violation detected with protocol:(RTP), matched protocol sig_id:(1), violation sig_id:(9), (500)"<BR />5. The log that gets alerted, shows the same Interface as all the other accepts (without Alert!) but the Interface arrow points UP not DOWN - Maybe a Red Herring, but thought worth mentioning<BR />6. I have asked for a copy of their Rule that the accept log matched, which I'll add once I have it.<BR />7. NAT is being used.</P><P>&nbsp;</P><P><BR />Or is it even just a case of that the CP FW is unlikely to be the cause of the OWT?<BR /><BR />I'm trying to help a customer get to the bottom of it, they are not pointing the finger at us/Check Point but we want a prove it one way or another.<BR /><BR />Thanks,</P><P>Ben</P> Thu, 13 Feb 2020 13:16:58 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/VOIP-One-way-audio-Tranmission-Protocol-violiation/m-p/75129#M11663 beneaton 2020-02-13T13:16:58Z