Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Videconferencing cut when applying policy

Hi, 

 

I need a little bit of help, because we are struggling with surely a simple thing, but we can't find a good solution. We have an issue that, when applying policy, all our videoconferencing flows that are in progress are cut. 

 

We did try to create specific UDP & TCP ports (1024-65535, H323, SIP...) and ticking the box "Keep connections open after the policy has been installed", but it still doesn't work. 

 

I was wondering if someone experienced the same, of if there's a "best practice" for this on the policy rules. 

 

Thanks in advance for your help ! 

Antoine REBUZZI

0 Kudos
8 Replies
Highlighted
Platinum

Any high CPU utilization at the moment of policy install?

Which type of appliance are you using ?

0 Kudos
Highlighted

I've got two different firewalls, one is an appliance 5200, and another one is a splat on an HP server.

Hmm, no high CPU for these firewalls at the moment of the push.
0 Kudos
Highlighted
Sapphire

I would suggest to open a SR# with TAC to resolve that !
0 Kudos
Highlighted
Platinum

If there are no interesting logs seen for the dropped connections I agree with Günther to open a case.

There is a good description of the "Keep connections open after the policy has been installed" behaviour in

Connectivity Issues after Policy Install

 

Wolfgang

0 Kudos
Highlighted

Thanks guys. 

 

I was pretty sure I would need a ticket, but I wanted to check if someone experienced the same thing than me before 🙂

Will keep the info I might get from the TAC here !

 

Antoine 

0 Kudos
Highlighted

If you are using R80.10 gateway or earlier, SecureXL is completely restarted every time the policy is installed, and it is possible that this is the source of the problem.  While you could try just completely disabling SecureXL with fwaccel off and then test policy reinstalls, it would be more prudent to exclude the IP addresses of your videoconferencing server(s) from SecureXL acceleration as detailed in the SK below, and see if the undesirable behavior goes away when policy is loaded.

sk104468: How to disable SecureXL for specific IP addresses

 

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
Highlighted
Platinum

What about Connection Persistence (Keep all connections) within CLuster Object?

Kind regards,
Jozko Mrkvicka
Highlighted

Thanks a lot guys. I will try some of these, while I'm waiting for the TAC answers 🙂
0 Kudos