Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Silver

Hide NAT impact on skype for business

Dear  Mates

We are currently experiencing poor call quality when using our on-premise sype for business. We are in the process of finding the possible reasons for that, and as always it comes to the firewalls guys. 

Most of our users are working remotely, so they tend to use skype when connected to to VPN, there are two things that I need help with:

1. Does remote access VPN creates a significant impact on voip services(in this case skype calls)?

2. Since we are doing Hide NAT on the office mode pool, does Hide-NAT have any impact on that too?

 

Any other recomendation is welcome.

 

We are using R80.20, we do not have https inspection enabled.

Thanks in advance.

0 Kudos
6 Replies
Highlighted

VPN should not cause noticeable overhead for something like Skype unless your firewall is overloaded or needs some tuning.  Post the "Super Seven" (s7pac) command outputs for further analysis.

However are you seeing persistent high CPU utilization on only one of your SND cores?  There was a thread awhile back about a bug that could cause all remote access VPN traffic to bottleneck in a single SND core. 

Hide NAT shouldn't directly degrade the performance of Skype either, typically protocols either work with Hide NAT or they don't.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted
Platinum

Allow outbound STUN (UDP/3478-3481) and everything will be fine.

0 Kudos
Highlighted
Silver

Hi Hristo

Can you elaborate more on that? My vpn access rule for corporate users is set to "Any".
Thanks
0 Kudos
Highlighted
Platinum

If it set to Any then it must be something else. 

0 Kudos
Highlighted
Silver

Yes, I wanted to validate what else I could look for on the firewall side. I was thinking maybe the VPN and Hide NAT could have an influence on this behavior.
0 Kudos
Highlighted
Silver

Hi Tim

Thanks for your feeback.

The firewall itself does not have any performance issue, and there is no single SND core with high CPU utilization. The traffic is being distributed accordingly among the cores


0 Kudos