This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Antoine_Rebuzzi
Participant
‎2019-03-29 12:58 AM

Videconferencing cut when applying policy

Hi, 

 

I need a little bit of help, because we are struggling with surely a simple thing, but we can't find a good solution. We have an issue that, when applying policy, all our videoconferencing flows that are in progress are cut. 

 

We did try to create specific UDP & TCP ports (1024-65535, H323, SIP...) and ticking the box "Keep connections open after the policy has been installed", but it still doesn't work. 

 

I was wondering if someone experienced the same, of if there's a "best practice" for this on the policy rules. 

 

Thanks in advance for your help ! 

Antoine REBUZZI

0 Kudos
8 Replies
Wolfgang
Authority
Authority
‎2019-03-29 01:25 AM

Any high CPU utilization at the moment of policy install?

Which type of appliance are you using ?

0 Kudos
Antoine_Rebuzzi
Participant
‎2019-03-29 01:27 AM
In response to Wolfgang

I've got two different firewalls, one is an appliance 5200, and another one is a splat on an HP server.

Hmm, no high CPU for these firewalls at the moment of the push.
0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2019-03-29 01:34 AM

I would suggest to open a SR# with TAC to resolve that !
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Wolfgang
Authority
Authority
‎2019-03-29 01:58 AM

If there are no interesting logs seen for the dropped connections I agree with Günther to open a case.

There is a good description of the "Keep connections open after the policy has been installed" behaviour in

Connectivity Issues after Policy Install

 

Wolfgang

0 Kudos
Antoine_Rebuzzi
Participant
‎2019-03-29 02:08 AM
In response to Wolfgang

Thanks guys. 

 

I was pretty sure I would need a ticket, but I wanted to check if someone experienced the same thing than me before 🙂

Will keep the info I might get from the TAC here !

 

Antoine 

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-03-29 05:18 AM
In response to Antoine_Rebuzzi

If you are using R80.10 gateway or earlier, SecureXL is completely restarted every time the policy is installed, and it is possible that this is the source of the problem.  While you could try just completely disabling SecureXL with fwaccel off and then test policy reinstalls, it would be more prudent to exclude the IP addresses of your videoconferencing server(s) from SecureXL acceleration as detailed in the SK below, and see if the undesirable behavior goes away when policy is loaded.

sk104468: How to disable SecureXL for specific IP addresses

 

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
JozkoMrkvicka
Authority
Authority
‎2019-03-29 12:46 PM
In response to Timothy_Hall

What about Connection Persistence (Keep all connections) within CLuster Object?

Kind regards,
Jozko Mrkvicka
Antoine_Rebuzzi
Participant
‎2019-04-05 01:42 AM
In response to JozkoMrkvicka

Thanks a lot guys. I will try some of these, while I'm waiting for the TAC answers 🙂
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events