Ricardo_Andres_
Contributor

Does Check Point support ALG for NAT?

Hello,

WhatsApp calls use WebRTC (STUN/ICE/TURN). A call is established using public IP addresses (the phones are behind a hide NAT), but once the call is established the communication is P2P using the phones' private IP addresses.

Is there any way on a Check Point Gateway (like ALG support) to NAT the WebRTC or SIP body (payload) and force the phones to use their public addresses instead of the private ones?

In other words: does Check Point support alteration of the WhatsApp messages to replace the internal IP with the public IP?

0 Kudos
3 Replies
PhoneBoy
Admin

Check Point can do this for SIP if appropriately configured and SIP-TLS isn't being used.

Refer to the following docs for more info: VoIP R77 Versions Administration Guide 

I make and receive calls using WhatsApp all the time from behind a Check Point gateway performing HIDE NAT without any issues.

What rule(s) do you have in place to allow outbound traffic?

0 Kudos
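To illustrate the reply above: the kind of payload rewrite a SIP ALG performs on cleartext SIP, and why it has nothing to work on once the signalling is inside TLS. This is an added example, not part of the thread and not Check Point's implementation; `alg_rewrite`, the sample INVITE and all addresses are constructed for illustration.

```python
import re

# Constructed sample: INVITE from a phone behind hide NAT (addresses are made up).
SDP = ("v=0\r\n"
       "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
       "s=call\r\n"
       "c=IN IP4 10.0.0.5\r\n"
       "t=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776asdhds\r\n"
          "Contact: <sip:alice@10.0.0.5:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n"
          "\r\n" + SDP).encode()


def alg_rewrite(msg: bytes, private_ip: str, public_ip: str) -> bytes:
    """Hypothetical ALG pass: swap the private address for the NAT address."""
    head, sep, body = msg.partition(b"\r\n\r\n")
    if not sep or b"SIP/2.0" not in head.split(b"\r\n", 1)[0]:
        return msg  # not cleartext SIP (e.g. a TLS record): nothing to parse
    priv, pub = re.escape(private_ip).encode(), public_ip.encode()
    # Match the address only as a whole, so 10.0.0.5 never hits 10.0.0.50.
    addr = rb"(?<![\d.])" + priv + rb"(?![\d.])"
    # Signalling headers that carry the sender's own address.
    lines = [re.sub(addr, pub, l) if l.lower().startswith((b"via:", b"contact:"))
             else l for l in head.split(b"\r\n")]
    # SDP origin (o=) and connection (c=) lines tell the peer where to send media.
    body = re.sub(rb"(?m)^((?:o=[^\r\n]* |c=)IN IP4 )" + addr,
                  lambda m: m.group(1) + pub, body)
    # The body length changed, so Content-Length must be recomputed.
    head = re.sub(rb"(?mi)^(Content-Length:[ \t]*)\d+",
                  lambda m: m.group(1) + str(len(body)).encode(),
                  b"\r\n".join(lines))
    return head + sep + body


if __name__ == "__main__":
    print(alg_rewrite(INVITE, "10.0.0.5", "203.0.113.10").decode())
```

With SIP over TLS the gateway sees only encrypted records, so the function returns the bytes unchanged.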
Ricardo_Andres_
Contributor

Thanks Dameon,

WhatsApp calls go fine. But as the communication is using the mobiles' private IP addresses (when they are in the same subnet, because of WebRTC), the communication gets only the switching, so ISPs can't do accounting over this traffic.

0 Kudos
PhoneBoy
Admin

It's possible WhatsApp uses SIP/TLS and implements certificate pinning in their client.

In which case, there may not be a lot you can do here.

That said, it's a use case I hadn't considered before :)

0 Kudos
