topic Sometimes unencrypted traffic to the remote access clients in SASE and Remote Access https://community.checkpoint.com/t5/SASE-and-Remote-Access/Sometimes-unencrypted-traffic-to-the-remote-access-clients/m-p/82107#M10656 <P>Hello everyone,</P><P>I have an issue with our remote access employees.</P><P>We have employees with softphones, who connect to our phone server through Check Point Endpoint Security VPN.</P><P>I made two access rules, one for SIP traffic from RA Clients to the phone server and one for RTP (UDP/20000-25000) traffic from the server to the Remote Access Net.</P><P>Also, we have iBGP from the internal side, so I made a route on VS gateway (we have VSX) to the Remote Access Net, with the external gateway as a next-hop (to announce RA Net to BGP).</P><P>Everything works fine. But 3-4 times a day some employees don't hear a caller. I looked through logs and found out, that in such cases RTP packets don't go to the client but unencrypted go to the Internet.</P><P>What can be the problem? How to debug the issue?</P><P>Thank you!</P><P>&nbsp;</P> Thu, 16 Apr 2020 11:04:20 GMT AntonMakarychev 2020-04-16T11:04:20Z Sometimes unencrypted traffic to the remote access clients https://community.checkpoint.com/t5/SASE-and-Remote-Access/Sometimes-unencrypted-traffic-to-the-remote-access-clients/m-p/82107#M10656 <P>Hello everyone,</P><P>I have an issue with our remote access employees.</P><P>We have employees with softphones, who connect to our phone server through Check Point Endpoint Security VPN.</P><P>I made two access rules, one for SIP traffic from RA Clients to the phone server and one for RTP (UDP/20000-25000) traffic from the server to the Remote Access Net.</P><P>Also, we have iBGP from the internal side, so I made a route on VS gateway (we have VSX) to the Remote Access Net, with the external gateway as a next-hop (to announce RA Net to BGP).</P><P>Everything works fine. But 3-4 times a day some employees don't hear a caller. I looked through logs and found out, that in such cases RTP packets don't go to the client but unencrypted go to the Internet.</P><P>What can be the problem? How to debug the issue?</P><P>Thank you!</P><P>&nbsp;</P> Thu, 16 Apr 2020 11:04:20 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Sometimes-unencrypted-traffic-to-the-remote-access-clients/m-p/82107#M10656 AntonMakarychev 2020-04-16T11:04:20Z Re: Sometimes unencrypted traffic to the remote access clients https://community.checkpoint.com/t5/SASE-and-Remote-Access/Sometimes-unencrypted-traffic-to-the-remote-access-clients/m-p/82122#M10657 You're most likely in TAC ticket territory here, particularly if the same client had been receiving the RTP traffic encrypted before then it suddenly stopped working.<BR /> Thu, 16 Apr 2020 13:54:03 GMT https://community.checkpoint.com/t5/SASE-and-Remote-Access/Sometimes-unencrypted-traffic-to-the-remote-access-clients/m-p/82122#M10657 PhoneBoy 2020-04-16T13:54:03Z