Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Antoine_Rebuzzi
Participant

Videconferencing cut when applying policy

Hi, 

 

I need a little bit of help, because we are struggling with surely a simple thing, but we can't find a good solution. We have an issue that, when applying policy, all our videoconferencing flows that are in progress are cut. 

 

We did try to create specific UDP & TCP ports (1024-65535, H323, SIP...) and ticking the box "Keep connections open after the policy has been installed", but it still doesn't work. 

 

I was wondering if someone experienced the same, of if there's a "best practice" for this on the policy rules. 

 

Thanks in advance for your help ! 

Antoine REBUZZI

0 Kudos
8 Replies
Wolfgang
Authority
Authority

Any high CPU utilization at the moment of policy install?

Which type of appliance are you using ?

0 Kudos
Antoine_Rebuzzi
Participant

I've got two different firewalls, one is an appliance 5200, and another one is a splat on an HP server.

Hmm, no high CPU for these firewalls at the moment of the push.
0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would suggest to open a SR# with TAC to resolve that !
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Wolfgang
Authority
Authority

If there are no interesting logs seen for the dropped connections I agree with Günther to open a case.

There is a good description of the "Keep connections open after the policy has been installed" behaviour in

Connectivity Issues after Policy Install

 

Wolfgang

0 Kudos
Antoine_Rebuzzi
Participant

Thanks guys. 

 

I was pretty sure I would need a ticket, but I wanted to check if someone experienced the same thing than me before 🙂

Will keep the info I might get from the TAC here !

 

Antoine 

0 Kudos
Timothy_Hall
Legend Legend
Legend

If you are using R80.10 gateway or earlier, SecureXL is completely restarted every time the policy is installed, and it is possible that this is the source of the problem.  While you could try just completely disabling SecureXL with fwaccel off and then test policy reinstalls, it would be more prudent to exclude the IP addresses of your videoconferencing server(s) from SecureXL acceleration as detailed in the SK below, and see if the undesirable behavior goes away when policy is loaded.

sk104468: How to disable SecureXL for specific IP addresses

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
JozkoMrkvicka
Authority
Authority

What about Connection Persistence (Keep all connections) within CLuster Object?

Kind regards,
Jozko Mrkvicka
Antoine_Rebuzzi
Participant

Thanks a lot guys. I will try some of these, while I'm waiting for the TAC answers 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events