SIP_DYNAMIC_PORTS

Thomas_Dunlap — Mon, 27 Jul 2020 18:27:43 GMT

GW CP730

Firmware: R77.20.87 (990173004)

Good day. I have a scenario where two remote sites have multiple SIP devices (phones and softphones) behind a Verizon FiOS modem. The issue is that for some reason the modem takes the device_LAN_IP1:5060 becomes device_WAN_IP:random (i.e. 173.X.X.X:35011 and 173.X.X.X:1026 and 173.X.X.X:1034). The devices SIP register but RTP does not work because to odd port cannot be reached.

After reading the manual I understand that a sip_dynamic_ports service can be made to fix this issue. With the odd port numbers does one has to make an outgoing and incoming rule for each device. For example

SIP SERVER is PBX with external IP Address and NAT to internal (LAN) PBX IP (This rule already exists)

Source Destination Service Action

(inbound rule) Phone IP address SIP Server Address udp_sip Accept

(outbound rule) SIP Server address SIP Phone Address sip_dynamic_port1 Accept

Get the impression that a rule has to be made for each odd Port number,

So for three devices I would have to add sip_dynamic_port1 (35011), sip_dynamic_port2 (port1026), sip_dynamic_port3 (1034), etc

Am I on the right trail or going down the rabbit hole? Is there another way that one can fix this quirky port numbering problem.

The GW setup for VOIP interface has been setup IAW the CheckPoint SK113573. Other remote phones connected over VPN tunnel function as expected. Just the remote FiOS phones are the prime headache.

Re: SIP_DYNAMIC_PORTS

ronk — Mon, 27 Jul 2020 19:04:03 GMT

Hi,

sip_dynamic_ports service was never supported in SMB.

The phones have to be configured to use permanent source-port and destination-port (by default: 5060. If using non-default port, the SIP_UDP service port has to be changed accordingly).

For more info about the SIP configuration which is supported in SMB, please refer to sk113573.

Thanks

topic Re: SIP_DYNAMIC_PORTS in Spark Firewall (SMB)

SIP_DYNAMIC_PORTS

Re: SIP_DYNAMIC_PORTS