From the beginning: I'm a networking guy, not a "VoIP telephony" guy.
One VPN is fully functional, except for SIP traffic. My host sends a SIP INVITE. The packet arrives at the destination. The other host answers the SIP INVITE, but the packet is dropped on the checkpoint site. I ran fw ctl zdebug drop | grep d.d.d.2
Packet proto=17 a.a.a.2:5060 -> d.d.d.123:5066 dropped by fw_one_way_enforcement Reason: conn oneway violated
What I did: I defined in the rulebase that traffic between the hosts is accepted on custom-defined services on UDP ports 5060 and 5066. I unchecked "MatchAny" in the custom service definition and I also checked "Accept Replies".
I put in an exception for traffic inspection... nothing is working.
What more shall I do?