This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
jsavio
Explorer
‎2023-08-11 12:24 AM

VOIP issue with phones behind SMB FW and PBX behind Site to Site VPN

CP-VOIP-1.pngWe are facing a strange issue with SIP calls such as:

1) Phones behind SMB devices(brances) are not able to make calls to phones behind DC FW.

2) One way audio issues from phones behind SMB to phones behind DC FW.

3) We see two INVITE_SDP packets sent from phones and from Branch firewall tcpdumps however tcpdump on VPN GW doesn't show the second INVITE_SDP. After the first INVITE_SDP packet is sent, the PBX sends a 401 unauthorized message which the PBX vendor confirms is 'normal'.

We have configured custom 5060 service(without protocol) in DC, VPN and Branch firewalls however the issue still persists. We have also tried an 'any' rule but the issue is not solved.

We have tried enabling the VOIP option in the 1570 FW but no luck. At the same time, other tcp/udp communications from branch to HO are working absolutely fine.

Grandstream is our PBX solution. We do not have any NAT enabled for the site to site VPN.

Some of phones in the branches are working absolutely fine, we can make and receive calls without any issues. The OS versions were checked and we have working scenarios with R81.10.07 and not working scenarios with the same R81.10.07 version.

Any thoughts/steps would be really appreciated.

Thanks in advance for your time.

 

0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-08-11 06:01 PM

For all the 1570s are they running the same build of firmware: R81.10.07  (996001430)?

Which version/JHF is the datacenter 5200 firewall running with?

CCSM R77/R80/ELITE
0 Kudos
jsavio
Explorer
‎2023-08-11 08:41 PM
In response to Chris_Atkinson

Some of the 1570s are running R81.10 and some are running R81.10.07. We have seen issues on SMBs running the latest firmware.

Somehow we are not seeing the second invite packet on the VPN GW FW.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-08-12 02:16 AM
In response to jsavio

Thanks for clarifying as your initial post implied something different.

Are you already working with TAC on this issue?

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events