cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

VoIP Issue and SMB Appliance (600/1000/1200/1400)

 

Issue description:

Many of our customers have reported the following issue in recent weeks. Telephone VoIP connections are terminated and can no longer be established.

Issue debug:

On the firewall you see a typical issue with the following message if you start: # fw ctl zdebug drop

Issue message: fwconn_key_init_links (INBOUND) failed

Solution:

There are two different Servers on the SIP/RTP provider's side that take part in the process of establishing the SIP/RTP call:

  • Server for SIP (Management and control)
  • Server for RTP (Media and Voice Data)

Make sure that the UDP high ports from the internal RTP VoIP telephone system to the provider RTP server on the RTP provider's side are dropped by the rule base on 600 / 1100 / 1200 / 1400 appliance:

RTP rules:

  1. Create a service for the UDP high ports and use it in an incoming Accept rule, which also has to allow the RTP ports.
  2. Create a drop rule to block outgoing connections from the Internal RTP server (VoIP telephone system) to the provider's RTP server on high UDP ports

SIP rule:

  1. Create an allow rule for incoming and outgoing SIP traffic on UDP port 5060

 

Example:

 

A similar description can be found in SK104082.

 

Regards,

Heiko

11 Replies
R89_99
Nickel

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

Here you can find the old comments to this article for the old version:

VoIP Issue and SMB Appliance (600/1000/1200/1400) [old] 

Afri_Guel
Ivory

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

It is a nice solution!

But it works!

THX

Afri

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

Is it correct to drop the rtp packets to the provider?

It is voodoo Smiley Happy

Regards

Hanko

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

Yes, it is VoIP Voodoo! 

It is correct! You need a drop rule!

Regards

Heiko

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

We have the same problem in Switzerland. Couldn't use the 1400 appliance for VoIP and used the 3000 appliance.
Blocking outgoing RTP packets has been helpful for us.

THX
Levin

Highlighted

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

This solution solves our issue.

Nice voodoo hack.

Regards

Joerg

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

Check Point not VooDoo:-)

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

Yes, it solves pur issues.

thx

M_Musa
Ivory

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

Hi,

Heiko Ankenbrand Thanks for the tip much appreciated, after following the article we can get inbound call working with two way audio on a CP1430 appliance, however outbound audio does not work at all (appears the call is established), had quite a few CP tech's take a look but no real progress, does anyone have any ideas? Any help would be much appreciated.

MM

0 Kudos

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

This hack works fine!

THX

Kai_O_
Iron

Re: VoIP Issue and SMB Appliance (600/1000/1200/1400)

This solution  works fine.

THX

Kai

0 Kudos