Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Howard_Gyton
Advisor

Advice invited on SIP configuration

Hi,

We have recently deployed replacement VOIP solution, replacing our analogue system.

This system is being routed via our firewall cluster and have noticed a number of things, like IPS blocks.  Those have been dealt with but we are still getting a large amount of dropped packets, due to "Re-invites exceed the limit", as detailed below.

VoIP calls are dropped with "SIP Re-Invites exceeded the limit" Reject Reason

We initially changed the mac invites limit from the default of 30 to 100 but all this has done is pushed out the period in which this event happens.  We also reduced the SIP expiry from the default of 66 to 50 and now 40 but this again has simply pushed out the period in between events.

I don't know what is considered a "sensible" or "healthy" setting for either of those two values, as in can the expiry be too short or the maximum invites be too high.

The other option is to change the defined service and set its protocol to "None", which I have not yet done.  Having the SIP traffic being inspected seems like a good idea, protection from call hijacking being one benefit.

There has been no observeable issue with these events happening though, but its something for us to continue to look into, I feel.

Howard

0 Kudos
4 Replies
G_W_Albrecht
Legend Legend
Legend

I would involve TAC to resolve this - you are using R77.30 ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Howard_Gyton
Advisor

Hi Günther,

Yes, it's R77.30 but not the latest JHFA, we have take 286 installed on both cluster members.

0 Kudos
Howard_Gyton
Advisor

Installing Take 345 on to both cluster members seems to have corrected the issue.  We no longer see those messages.

0 Kudos
dawidek
Explorer

Hello in 2024,

It seems that we are experiencing the same issue on our Check Point device R81.20 Take 43 with HotFix 610. The exact same issues described by Howard have taken place.
Do I have to make service request or maybe anyone knows faster path?

Regards,
Dawid 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events