Hello,
I am writing to report notorious problems with several CP1550 and 1530 devices. The devices behave worse and worse after each update.
For example:
1. one of the devices started blocking all traffic entering the WAN
2. entered rules in firewall, SSL inspection, TP do not work properly often in logs I see connection rejection by CODE 1 error in Application Control or SSL inspection.
3. the devices do not keep the settings for forwarding in firewall SIP traffic. After every upgrade or reboot I have to remove SIP entries from firewall and add them again otherwise no connectivity.
4. several times I had to restore the devices to factory settings then upgrade to the latest firmware and rewrite the configuration manually. Restoring the configuration from backap does nothing as the database is probably corrupted.
5. the device can reboot itself and lose the SIP configuration.
I have the most problems with the stability of SIP connections. Many times I have to re-configure by deleting the entered entries in the rules.
I don't report this to the service center because the wait time to solve the problem is quite long sooner I restore the factory settings and enter the settings manually. Everything works until a reboot or power cut. At that point the devices lose stability.
In two other institutions I have run Fortigate devices a similar environment with a SIP PBX everything has worked without a problem for several months.
I no longer have the strength to constantly worry about whether SIP will work properly after an upgrade or reboot.
My SIP configuration is based on SIP UDP 5060, SIP RTP UDP 10K-20K and direct forwarding in the firewall. TP, SSL protection is disabled for these connections. I see an attempt to establish a connection to the telecom service provider's server but it is not set up. The telephone exchanges are provided by SLICAN Poland
In the new firmware version, I noticed a problem with QoS blade does not detect settings in the Internet connection
I would like to ask the person on the forum who has direct contact with Checkpoint Technicians to pass on my observations to them. Please pay attention to the performance of the SIP and the stability of the database itself because as far as I can tell it degrades corrupts after every upgrade or reboot of the device. The problem does not occur on one device but on a dozen so it lies with the firmware.
Due to the lack of improvement in the performance of Checkpoint SMB SPARK devices, I am forced to switch to the Fortigate solution (two test devices have been working stably and without problems for several months).
CP730/750 version behaved more stably but also not perfectly