sx8n20394
Contributor

VOIP not performing NAT

I have a Quantum Spark 1575 on the latest 81.10.17 GA Firmware, Locally managed. We installed this a few months ago and had no issues and then all of a sudden VOIP stopped working today. We could not get inbound calls and outbound calls were dropping after 30-60+ seconds. No updates or configuration changes.

We were at first seeing drops 104.xxx.xx.xxx:5060 -> 192.168.199.10:5060 dropped by fwpslglue_chain Reason: PSL Drop: CMI dropped connection.

After a reboot of the firewall the drops stopped but calls still did not work. When I run a tcpdump it looks like the cloud provider is reaching the gateway with port 5060 to our port 5060 but it is not NATing to the internal PBX like it originally was. 

I created a test NAT and used telnet to go from my laptop to port 5060 on our gateway. This NAT works and shows up in the TCP dump as reaching the gateway and then NATing to my internal PBX. The only difference is my telnet test NAT has a different source port. The NAT rules are just the default from the VOIP module where it does ANY > Gateway, SIP Services Translated to Original Service to PBX as Destination.

We opened a case with support but they have no idea what is causing the issue so we are basically at a standstill. Has anyone else experienced this?

0 Kudos
9 Replies
the_rock
MVP Gold

Can you try disabling SIP inspection? I don't have a local SMB to confirm, but I believe there should be an option for that service to select protocol NONE... if so, just give that a try.

Best,
Andy
0 Kudos
sx8n20394
Contributor

Inspection was already disabled. I also tried setting the Protocol to none as well. Like I said before, this was working just fine for several months and just stopped this morning. The provider confirmed nothing is wrong on their end or their equipment.

0 Kudos
the_rock
MVP Gold

K, fair enough. I read your post again and what caught my eye was the part about NAT. So, technically, source port never matters, only destination one, so we can eliminate that. Now, just a thought, do you happen to have a recent backup that could be restored? I know you said nothing changed, but clearly there must be something that caused this to stop working.

Best,
Andy
0 Kudos
sx8n20394
Contributor

We take backups every day via the SMP cloud backup. I don't think we can restore the backup because support updated the firmware this morning. Unfortunately nothing did change. I am the only person who manages the firewall and I haven't logged into it in months. We have been experiencing a lot of issues with our Checkpoints. Lots of random bugs and small issues that break critical infrastructure. They just seemingly come out of nowhere.

0 Kudos
the_rock
MVP Gold

What suggestion(s) did you get from TAC?

Best,
Andy
0 Kudos
sx8n20394
Contributor

Nothing as of now. They just said they couldn't reproduce the problem and sent it to R&D.

the_rock
MVP Gold

That's good, let's hope R&D can assist further. It's unfortunate that happened to you, because it's simply one of those things that happen probably less than 1% of the time.

Best,
Andy
0 Kudos
sx8n20394
Contributor

I must be the unluckiest Checkpoint user ever because I have an issue pretty much every single week with something going wrong. VPNs don't stay up, VOIP stops working, Routing stops working... I pretty much know the CLI and troubleshooting secrets inside and out because of all the cases I've opened up over the years. I really hope they improve with the 2500 Spark series. If my company wasn't so dedicated to Checkpoint and their ecosystem I would have scrapped them for Palo Alto or Fortinet years ago.

0 Kudos
the_rock
MVP Gold

First off, sorry to hear all that, never fun dealing with those things. If I were you, I would definitely bring all those issues to your local SE and have them take it up further for you.

Just my 2 cents.

Best,
Andy
0 Kudos
