We have softphones CISCO Jabber on our vpn devices and it's doesn't work well. We have some different scenarios and different behaviour for each scenarios.
The network topology is simple -> F5 client EDGE VPN -> GW Checkpoint 4800-> LAN
As below my checkpoint rule
SRC: SIP server; client VPN -> DST: Client VPN; SIP Server -> service: sip_dynamic_ports; sip-tcp
1 - I can etablish a call from my client jabber on the VPN device to my client jabber on my laptop (LAN) it's work fine
2 - But I can't etablish a call from my client jabber on my laptop to my client jabber on the vpn device it's doesn't work
I did a TCPDUMP on the SIP server and I can see that the SIP server send a "request: INVITE" but the client jabber never respond to the INVITE as shown on the capture below.
Maybe because de SIP packets are inspected and modified by the checkpoint ?? How can I verify if the SIP packet are inspected by checkpoint ? how can I completly desactivate the inspection SIP to be sure if the problem come frome to SIP inspection ?
In the checkpoint log on the dashboard I can see the REQUEST INVITE frome the SIP server but with a error message as below.
I tied to do the manipulation as mentionned by "Hugo_vd_Kooij" https://community.checkpoint.com/t5/Access-Control-Products/How-to-disab
-I created a clone of sip-tcp service with "protocol" set to none and in the advanced "Match fo Any" but for the "sip_dynamic_ports" I can't change the advanced parameter "Match fo Any" ?
If someone as an idea about this problem ?