So, TL;DR:
1) Are there any settings, configurations, service modifications that will make Wifi calling work and work well?
2) Is there a way to prevent the firewall from remapping source ports in NAT, particularly for this UDP 500 and UDP 4500 traffic?
Background:
I am having issues with one of my remote sites where the folks down there depend on wifi calling since cell service is so bad.
They've gone through quite a few network changes as of late, including a forklift replacement of their network with Aruba gear and a change of gateways from a 4200 appliance to a pair of 1490s.
So, wifi calling sucks. Can't connect most of the time and when they do the quality is terrible. The firewall is allowing the UDP 500 and 4500 traffic out as expected but still they report issues.
I found an article written by/for the SonicWall folks that claims that the changing of the source port during NAT will negatively affect Wifi calling. There is a specific setting that makes that traffic maintain its source port. I have a ticket open with Check Point support, and they don't think that this port remap should be causing an issue, and since these folks were behind a different Check Point previously, I am inclined to agree. The local tech staff for the remote site are opening a ticket with the wireless vendor as well. But...
I'd still like to test and see if I can get it to improve. Unfortunately I can't find how to get the damned firewall to stop changing the source port.
Thanks in advance.
Edit: They are on Aruba wireless not on the wireless on the appliance itself.
I'm in the camp of WiFi calling just sucks through a 600 series FW.
Our enterprise class 15600's seem to be fine, though, with no complaints.
The phone will establish itself on WiFi, connect to Verizon and be all happy that life is going on. Just over WiFi.
The problem is inbound calls do not complete (and go to a "this line isn't accepting calls right now") and outbound calls either take way too long to complete and the phone gives up, or they won't even try to start until you turn off WiFi.
I haven't had time to troubleshoot it, so I just turned off WiFi calling for the time being.
Our issues went from poor call quality, connection delays, to the issue where you could connect the call immediately, but then not have any sound.
We are all good now. Turns out the issue was on the Aruba side.
Unfortunately, because the site is remote I didn't realize that our Aruba implementers were doing work on the network and broke wifi calling completely somehow (connect but no sound). The local tech moved to another building, and it worked like it had previously, poor quality, delayed connection.
He texted me last night to tell me that it was working perfectly now. There was an ACL missing from each of the user roles that allows. When I find more information I'll share it as I know there are folks who use Check Point who are also implementing Aruba. Maybe they'll be able to help their network folks out when they start blaming the firewall....