I'm fairly new to Check Point and have got a request to allow the SIP traffic UDP/5060, TCP/5060 and TCP/5061. The firewalls are running R81.10, Take 78.
I have gone through this article, and it suggests opening the data port manually along with sip_tls_not_inspected (if sip_tls_authentication can't be used):
SIP-Specific services (checkpoint.com)
I'd like to seek your help in understanding how Check Point processes SIP traffic, as a couple of posts suggest using the services without the protocol handler and exempting them from IPS inspection to avoid the one-way call issue.
Is it mandatory to bypass the SIP traffic from both IPS and the Inspection settings?
Will Check Point not automatically allow the dynamic connections?
If the protocol handler isn't set, obviously the inspection will not happen. If that's the case, why do we need to configure the IPS and Inspection settings to bypass the SIP traffic?