This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JackPrendergast
Advisor
Advisor
‎2023-10-12 12:52 PM

Inbound Calls, No Audio. Outbound Calls - OK. Displacing SonicWALL.

Hello,

I am in a sticky situation with a customer of mine.

We are displacing SonicWALL. The migration has been no problem minus the telephony system.

Due to this, the cutover has had to be rolled back multiple times.

Ill try keep this brief to aid assistance 🙂 

 

TAC case has been raised, but any technical advice would be wonderful. This is a particular unique setup with a Teams front end as a softphone client, with a SBC on site with the SIP trunks being on a different network delivered in by a 3rd party.

 

  • SonicWALL works no problem.
  • Outbound calls work no issues at all.
  • Inbound calls connect, but no audio, at all regardless of direction can be heard.
  • This is a Check Point 6000 cluster running R81.10 and fully patched.

 

SIP ALG has been disabled and enabled many times. Interestingly, outbound calls only work with the proper defined SIP object.

NAT Rules are all static, and not hide.

SIP Inspection settings have been changed not to change hide NAT source port regardless.

 

The topology is as follows

 

Microsoft Teams Public ->NAT-> SBC on Premise ->NAT-> Telephony Provider Network

 

  • When calls outbound are established, I see the full SIP stream and audio stream in a packet capture.
  • Inbound, I see the SIP messages and SIP OK message but never see any high UDP or any resemblance of RTP packets inbound on the WAN interface and subsequently nothing on the LAN towards the SBC.

Facts:

  • Outbound is fine (so I dont believe its NAT)
  • Inbound calls establish. No audio (Had similar issues with outbound until we used the 'SIP' object)
  • R81.10 Cluster fully patched
  • NAT Rules are all ok (As above. Calls establish/terminate fine. No RTP stream is seen in logs or packet capture)
  • SIP service in rules has been removed and added. Makes no difference to inbound.
  • No threat prevention enabled at this time.

Thanks all!

 

0 Kudos
6 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-10-12 11:41 PM

Did you contact TAC yet ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
JackPrendergast
Advisor
Advisor
‎2023-10-13 10:21 AM
In response to G_W_Albrecht

TAC contacted. No response yet.

 

I have narrowed the issue to where I think it is.

 

SIP Session is OK - so lets ignore 5060 etc.

 

RTP is the issue. Between SBC and Microsoft Teams I can see the outbound RTP. Fixed source port, high UDP destination port

Nothing is coming back from Microsoft Teams as far as I can see on SmartConsole.

Due to having to roll back, no kernel debugs or packet captures to 100% verify the above.

 

Any advice on if you have seen inbound RTP streams being received but being chewed in the kernel (hence no SC logs)  would be welcome 🙂 

0 Kudos
Alex-
MVP Silver
MVP Silver
‎2023-10-13 10:30 AM
In response to JackPrendergast

You could check if they are dropped and received on the external internal with a. kernel debug.

 

cppcap -i <external interface>

 

fw ctl debug 0
fw ctl debug -buf 32768
fw ctl debug -m fw + drop conn
fw ctl kdebug -T -f > debugfile.txt
<Make Teams call>
fw ctl debug 0

 

 

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-10-13 11:13 AM

Well, I know in the old days of CP, one thing people would do is set protocol handler to none, but not sure if that made any difference for you.

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos
JackPrendergast
Advisor
Advisor
‎2023-10-16 02:05 AM
In response to the_rock

This is the odd thing..

 

Outbound calls only work with the protocol handler set! Role reversal.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2023-10-16 03:10 AM
In response to JackPrendergast

Got it. I would follow voip ARTG sk (cant get it now, as support center is super slow), but if that does not help, TAC case I suppose...

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events