- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- H323 Hop Count being inspected?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
H323 Hop Count being inspected?
We are using R80.30. After an update from JHF 219 to JHF 228 we suddenly had a near complete outage of all H323 calls. There was no Drop, Reject, Detect or Prevent in the log file.
When we checked SK153152, we noticed the following change in JHF227:
PRJ-16286,PRJ-16287,PMTR-58322: NEW: Added support for HopCount field in H323 protocol. Refer to sk169513.
This seemed the only change mentioned with any relevance concerning H323. So I took a look at the Hop Count in the troubled calls:
hopCount: 31
According to https://www.packetizer.com/ipmc/h323/whatsnew_v5.html the H323 HopCount has only 5 bit. So 31 is the max HopCount.
My suspicion here is: Check Point drops the packet because HopCount is exceeded or modifies the HopCount.
Can someone confirm or deny my suspicion? How can I tell the gateway to ignore the hop count?
Thanks in advance, Martin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would advise to raise a TAC case for this.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Already opened the TAC case two days ago. Specifically asked this question yesterday morning.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I assume if you can trigger this issue, you can see the precise reason for it being dropped with something like fw ctl zdebug drop | grep x.x.x.x
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Replication is possible, but that would disable 800 telephonse for the duration. That's why I would first try to get the question answered ;-).