This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
TChystilina
Explorer
‎2020-09-28 12:44 PM

Does not voice in both side via site-to-site

Hello

Today i configured chekpoint 1590 and faced a problem. My voip client do not hear each other.

My environment has next view. LAN VOIP client - Site2Site - PBX

Most important configuration:

        - Enabled  - Hide internal networks behind the Gateway's external IP address 

        - In ACCESS RULES i allowed traffic from LAN to PBX and back For SIP_UDP and SIP_TCP traffic. I have made additional service with "none" for rtp udp ports 10000-20000. Made allow rule for this service. In SIP_UDP and SIP_TCP service i  have cheked in "Disable sip inspection" box (Without this phone could not register to PBX)

        - I did not made any other nat rules.

Between the network of both site of ipsec tunnel all other traffic is passes, I also test icmp, rdp, ssh connection.

I think, i have to disable some additional inspection for voice, but cat find where in this stripped down web interface.

Also in future, I need to allow my remote client (RA VPN) access to services behind this site to site vpn. Have i need change Back Connection parameter, from Device -> Advanced Settings to true like diskribe in this article https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

  

0 Kudos
1 Reply
TChystilina
Explorer
‎2020-09-29 01:10 PM

I found solution, on UDP port range for RTP traffic service must be enabled "Accept Replies"

Go to Service > create that specific UDP port service > go to advanced and tick "Accept Replies". Then go to policy and create new incoming rule (unless already created) using that specific port (service that you created).

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top