cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Videconferencing cut when applying policy

Hi, 

 

I need a little bit of help, because we are struggling with surely a simple thing, but we can't find a good solution. We have an issue that, when applying policy, all our videoconferencing flows that are in progress are cut. 

 

We did try to create specific UDP & TCP ports (1024-65535, H323, SIP...) and ticking the box "Keep connections open after the policy has been installed", but it still doesn't work. 

 

I was wondering if someone experienced the same, of if there's a "best practice" for this on the policy rules. 

 

Thanks in advance for your help ! 

Antoine REBUZZI

0 Kudos
8 Replies
Wolfgang
Gold

Re: Videconferencing cut when applying policy

Any high CPU utilization at the moment of policy install?

Which type of appliance are you using ?

0 Kudos

Re: Videconferencing cut when applying policy

I've got two different firewalls, one is an appliance 5200, and another one is a splat on an HP server.

Hmm, no high CPU for these firewalls at the moment of the push.
0 Kudos

Re: Videconferencing cut when applying policy

I would suggest to open a SR# with TAC to resolve that !
0 Kudos
Wolfgang
Gold

Re: Videconferencing cut when applying policy

If there are no interesting logs seen for the dropped connections I agree with Günther to open a case.

There is a good description of the "Keep connections open after the policy has been installed" behaviour in

Connectivity Issues after Policy Install

 

Wolfgang

0 Kudos

Re: Videconferencing cut when applying policy

Thanks guys. 

 

I was pretty sure I would need a ticket, but I wanted to check if someone experienced the same thing than me before 🙂

Will keep the info I might get from the TAC here !

 

Antoine 

0 Kudos

Re: Videconferencing cut when applying policy

If you are using R80.10 gateway or earlier, SecureXL is completely restarted every time the policy is installed, and it is possible that this is the source of the problem.  While you could try just completely disabling SecureXL with fwaccel off and then test policy reinstalls, it would be more prudent to exclude the IP addresses of your videoconferencing server(s) from SecureXL acceleration as detailed in the SK below, and see if the undesirable behavior goes away when policy is loaded.

sk104468: How to disable SecureXL for specific IP addresses

 

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
JozkoMrkvicka
Platinum

Re: Videconferencing cut when applying policy

What about Connection Persistence (Keep all connections) within CLuster Object?

Kind regards,
Jozko Mrkvicka

Re: Videconferencing cut when applying policy

Thanks a lot guys. I will try some of these, while I'm waiting for the TAC answers 🙂
0 Kudos