JoSec
Collaborator

Client SIP to Third Party SBC Behind Firewall

Our users have client software that connects to a third party's SBC via SIP on UDP port 5060 over a site-to-site VPN tunnel to the third party's firewall, and we utilize manual Hide NAT rules to NAT the traffic behind a public IP address. The issue we have been experiencing is that clients initially connect, but later an INVITE is sent from the SBC to the client, which never reaches the client, causing a disruption in connectivity. The SBC logs provided by the vendor indicate a 408 Request Timeout when the issue occurs, and it appears, looking at the Check Point logs and packet captures, that the INVITE is sent directly to the public IP address our clients use for Hide NAT and not back to the client, and is therefore dropped by the firewall.

We have now decided to utilize the Check Point SIP service object in the rule to see if that resolves the issue, and it was indicated by Check Point tech support that I must use Auto NAT for the clients when using the SIP object in a rule. With the information above, any idea of what the cause might be and where I may look further, and is it required to use Auto NAT rules for the clients when using the SIP object in a rule? One further thing to note is that the clients initially connect in the morning, but over time, usually hours later, the connectivity issues occur and then clear up hours later in the day. Also, it does not happen to all clients at the same time. Thanks

0 Kudos
1 Reply
_Val_
Admin

Please follow TAC recommendations for this.

0 Kudos
