Actually I am not sure Tomer answer will work. After having been on first name bases with R&D VOIP for a year with loads of VOIP tickets in R65 I learned a lot of the background of the code. And I guess most of it is still valid.
At least in R77.30 I always use the following strategy:
- Define your own UDP or TCP object without a protocol handler. For example: Name it SIP-BARE and use UDP/5600
- Make sure you enable "Match for Any" on your own service and disable it on the existing service.
- Make a rule for you own service AND!!!! make sure it is ABOVE any rule that uses the build in SIP services (which contains handlers).
If you forget to put your rule in the right order the whole trick will not work.
As soon as you have a rule that will contain a handler for a specific TCP or UDP port that decision will stick.
So if you have a generic SIP on rule 30 and your own definition on rule 40 you will still see the SIP handler act on those connections.
If you put your own definition in rule 28 and have generic SIP in rule 30 then rule 28 will not act on SIP traffic but rule 30 will still act on SIP traffic and do all sorts of magic.
I must admit this is a tricky concept to understand at first but once you understand these basics you can explain a lot of unexpected behaviour in Check Point firewalls.
So far I have not been able to verify this is still how it works with R80.10 and I have yet to add a PABX to my lab. (Actually I have a 3CX PABX but it has some other issues I need to sort out first.)
