https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172419#M8294 <P>Have you done also port/access/rules for your RTP traffic <STRONG>10400-10405 </STRONG>for your phone<STRONG>s?</STRONG></P> Thu, 23 Feb 2023 02:30:31 GMT AndrewChui 2023-02-23T02:30:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172339#M8290 <P>Hi All,</P><P>I read several posts<BR />I read several things</P><P>We have a cluster of 1600 firewall (R80.20.50) managed centrally (MGMT R81.10 Cloud)</P><P>We have:</P><UL><LI>Disabled Inspection on the protocol (5060-5061) by&nbsp; Web page of Appliance</LI><LI>Disabled inspection on the protocol (5060-5061) of the object on the centralized console</LI><LI>With and without IPS</LI><LI>Create static rules for the incoming and outgoing for the NAT&nbsp; (for 3cx server)</LI></UL><P>But the anomaly: the calls disconnect randomly&nbsp;</P><P>Anyone have some suggestions?</P><P>&nbsp;</P><P>The only one noticed is : that the source port of the Connection is changed from firewall chain, it is possible to disable this in the system?</P><P>Firewall Checker (tool on 3cx)</P><P><FONT size="1 2 3 4 5 6 7">resolving 'stun-eu.3cx.com'... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">resolving 'stun2.3cx.com'... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">resolving 'stun3.3cx.com'... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">resolving 'sip-alg-detector.3cx.com'... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing 3CX PhoneSystem 01 SIP Server... failed (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">stopping service... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">detecting SIP ALG... <STRONG>not detected</STRONG></FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 5060... <STRONG>Mapping does not match 5060. Mapping is 10400</STRONG>. (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">starting service... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing 3CX PhoneSystem Media Server... failed (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">stopping service... done</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 5090... <STRONG>Mapping does not match 5090. Mapping is 10401.</STRONG> (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing ports [9000..9398]... failed (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 9000... <STRONG>Mapping does not match 9000. Mapping is 10402</STRONG>. (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 9002... <STRONG>Mapping does not match 9002. Mapping is 10403.</STRONG> (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 9004... <STRONG>Mapping does not match 9004. Mapping is 10404</STRONG>. (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 9006... <STRONG>Mapping does not match 9006. Mapping is 10405</STRONG>. (How to resolve?)</FONT><BR /><FONT size="1 2 3 4 5 6 7">testing port 9008... <STRONG>Mapping does not match 9008. Mapping is 10406.</STRONG> (How to resolve?)</FONT></P> Wed, 22 Feb 2023 13:22:39 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172339#M8290 lrossi89 2023-02-22T13:22:39Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172419#M8294 <P>Have you done also port/access/rules for your RTP traffic <STRONG>10400-10405 </STRONG>for your phone<STRONG>s?</STRONG></P> Thu, 23 Feb 2023 02:30:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172419#M8294 AndrewChui 2023-02-23T02:30:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172455#M8301 <DIV class="">&nbsp;</DIV><P>&nbsp;</P><P>Yes, sure</P><P>FW RULE</P><P>in</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CatturaIN-1.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19715iDF75DE4960ACBD15/image-size/large?v=v2&amp;px=999" role="button" title="CatturaIN-1.PNG" alt="CatturaIN-1.PNG" /></span></P><P>out&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CatturaIN-2.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19716i46F7AD6A59657FBA/image-size/large?v=v2&amp;px=999" role="button" title="CatturaIN-2.PNG" alt="CatturaIN-2.PNG" /></span></P><P>static NAT</P><P>in &amp; out&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="CatturaNAT-1.PNG" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/19714iA2C6FA5EF2DE9DCB/image-size/large?v=v2&amp;px=999" role="button" title="CatturaNAT-1.PNG" alt="CatturaNAT-1.PNG" /></span></P> Thu, 23 Feb 2023 09:45:05 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172455#M8301 lrossi89 2023-02-23T09:45:05Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172617#M8306 <P>Better contact TAC to get this resolved quickly !</P> Fri, 24 Feb 2023 09:09:01 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/3cx-behind-Quantum-Spark-SMB-centrally-managed/m-p/172617#M8306 G_W_Albrecht 2023-02-24T09:09:01Z