beneaton
Iron

Intermittent VOIP One Way Audio

Hi,

I am seeing an issue with intermittent one-way audio / transmission on VOIP calls.
Happens every 1 in 6 or 7 calls I'd say.

If the issue happens mid-way through the call, logs show as normal/accept/matched to rule 47, etc.
The immediate call after that more often than not has OWT from the start - that shows in the logs as an accept, but with the protocol error:

" Firewall - Protocol violation detected with protocol:(RTP), matched protocol sig_id:(1), violation sig_id:(9), (500) "

The rule it matches with is just 
Source Network Grp - Destination Network Grp - Any - UDP_4000-60000 and UDP-16000-16511 - Accept - Log

Any help appreciated, on whether the above is related/the cause or where to start troubleshooting - Difficult to start with as there is no actual 'drop'.

Thanks,

Ben

1 Solution

Accepted Solutions

Re: Intermittent VOIP One Way Audio

Hi @beneaton,

Issue description:

Telephone VoIP connections are terminated and can no longer be established. 

Issue debug:

On the firewall you see a typical issue with the following message if you start: # fw ctl zdebug drop

Issue message: fwconn_key_init_links (INBOUND) failed

Solution:

There are two different Servers on the SIP/RTP provider's side that take part in the process of establishing the SIP/RTP call:

  • Server for SIP (Management and control)
  • Server for RTP (Media and Voice Data)

Make sure that the UDP high ports from the internal RTP VoIP telephone system to the provider RTP server on the RTP provider's side are dropped by the rule base.

Take a look at this article. I had the same problem and could fix it with the following settings.

VoIP Issue and SMB Appliance (600/1000/1200/1400)

PS: This does not only affect SMB appliances.

6 Replies
beneaton
Iron

Re: Intermittent VOIP One Way Audio

- If the OWT happens mid-call, logs are accept/no protocol violation alert
- If a call is made straight after a call like above, OWT is present from the start, logs are accept WITH protocol violation alert
- Using NAT
- Panasonic NSxxx
- Gamma SP
0 Kudos
Admin
Admin

Re: Intermittent VOIP One Way Audio

Please provide some basic details about your environment like software/JHF version, whether NAT is involved, what rules you're using to accept traffic, etc.
0 Kudos
beneaton
Iron

Re: Intermittent VOIP One Way Audio

Hi,

Check Point Cluster - R80.10
NAT is involved, yes.
The Rule accepting the traffic is
'a network/sipgrp' - ' another network/sip grp' - Any - UDP_4000-60000 and UDP_16000-16511 - Accept - Log
The log with the accept/alert has source port 16001, and destination service UDP/6167

No drops seen at all on Firewall
0 Kudos

Re: Intermittent VOIP One Way Audio

We had the same problem and could solve it with @HeikoAnkenbrand's solution.

Thank you

0 Kudos
Employee
Employee

Re: Intermittent VOIP One Way Audio

Hi,

I'm Noam from CP-R&D, owner of VoIP development.

I read your question and answers and I would like to jump in.

Security-wise it's not recommended to open a dedicated rule for high ports; the SIP handler should open the ports dynamically on demand.

We inspect SIP control packets and decide what ip/port should be opened for every call.

From the look of your problem it seems to be related to NAT not being done properly on the payload; that's usually the root cause for one-way audio.

More than that, if RTP matches the rulebase instead of being opened dynamically, it won't be NATted correctly.

If you would like to debug the configuration please contact me directly - noamwa@checkpoint.com

Thanks.

0 Kudos
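
The payload-NAT problem described in the last reply can be checked from a capture taken on the external side of the firewall. The following is an added example, not code from the thread or from Check Point: it parses the SDP body of a SIP message and flags media addresses that were not translated. The sample INVITE, its addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: an outbound SIP INVITE as captured on the external
# (post-NAT) side of the firewall. Addresses and names are made up.
SAMPLE_INVITE = (
    "INVITE sip:callee@sip.provider.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bKconstructed\r\n"
    "Contact: <sip:pbx@203.0.113.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=pbx 1 1 IN IP4 192.168.10.5\r\n"
    "s=call\r\n"
    "c=IN IP4 192.168.10.5\r\n"
    "t=0 0\r\n"
    "m=audio 16001 RTP/AVP 8 101\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sdp_media_endpoints(sip_message):
    """Return [(ip, port)] the SDP body asks the peer to send RTP to."""
    _, _, body = sip_message.partition("\r\n\r\n")
    session_ip, endpoints = None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2].split("/")[0]
            if endpoints:  # media-level c= overrides the session-level one
                endpoints[-1] = (ip, endpoints[-1][1])
            else:
                session_ip = ip
        elif line.startswith("m="):
            port = int(line.split()[1].split("/")[0])
            endpoints.append((session_ip, port))
    return endpoints


def check_payload_nat(sip_message, packet_src_ip):
    """Report SDP endpoints still carrying an internal address after NAT."""
    findings = []
    for ip, port in sdp_media_endpoints(sip_message):
        if ip is None:  # no c= line seen, nothing to compare
            continue
        addr = ipaddress.ip_address(ip)
        if ip != packet_src_ip and any(addr in net for net in RFC1918):
            findings.append(f"SDP advertises {ip}:{port}, packet source is "
                            f"{packet_src_ip}: payload not NATed")
    return findings
```

Run it against the INVITE and 200 OK of a failing call: a finding means the far end was told to send audio to an internal address it cannot reach, which matches the one-way audio symptom.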