topic SIP - don't translate source port? in Firewall and Security Management https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIP-don-t-translate-source-port/m-p/184129#M33806 <P>R81.10 Take 55.</P><P>We're trying to get a new BT SIP service working.&nbsp; BT say that the reason it is failing is because all of our SIP traffic comes from random source ports each time.&nbsp; Packet captures and CP logs absolutely show that we are doing "<STRONG><EM>Xlate (NAT) Source Port</EM></STRONG>" and changing the source port all the time.</P><P>BT insist that we turn off SIP ALG and make the firewall keep the source port the same - stop translating the source port.&nbsp; But how?</P><P>We have a custom UDP/5060 port and there is no SIP mentioned anywhere in the fw chain.&nbsp; So SIP ALG is off.&nbsp; But how do we stop the firewall from translating the source port?</P> Thu, 15 Jun 2023 21:40:38 GMT biskit 2023-06-15T21:40:38Z SIP - don't translate source port? https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIP-don-t-translate-source-port/m-p/184129#M33806 <P>R81.10 Take 55.</P><P>We're trying to get a new BT SIP service working.&nbsp; BT say that the reason it is failing is because all of our SIP traffic comes from random source ports each time.&nbsp; Packet captures and CP logs absolutely show that we are doing "<STRONG><EM>Xlate (NAT) Source Port</EM></STRONG>" and changing the source port all the time.</P><P>BT insist that we turn off SIP ALG and make the firewall keep the source port the same - stop translating the source port.&nbsp; But how?</P><P>We have a custom UDP/5060 port and there is no SIP mentioned anywhere in the fw chain.&nbsp; So SIP ALG is off.&nbsp; But how do we stop the firewall from translating the source port?</P> Thu, 15 Jun 2023 21:40:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIP-don-t-translate-source-port/m-p/184129#M33806 biskit 2023-06-15T21:40:38Z Re: SIP - don't translate source port? https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIP-don-t-translate-source-port/m-p/184140#M33808 <P>Are you performing HIDE NAT on the connection?<BR />If so, the source port changing is expected behavior.<BR />However, this might also apply:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk176286" target="_blank">https://support.checkpoint.com/results/sk/sk176286</A>&nbsp;</P> Thu, 15 Jun 2023 22:07:10 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SIP-don-t-translate-source-port/m-p/184140#M33808 PhoneBoy 2023-06-15T22:07:10Z