This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
Legend
Legend
3 weeks ago
Jump to solution

VOIP question

Hey guys,

Just wondering if someone can clarify this for me and if it is expected because maybe of service (sip) used?

So, customer has setup as example 7-1 in below sk and all works fine, no issus, BUT, rather than bi-directional rule, they have 2 separate ones and randomly, logs that should show for rule 9, show for rule 10 and other way around.

Is that expected? We even ran fw up_execute and shows right rule)s).

Thoughts?

https://support.checkpoint.com/results/sk/sk95369

Tx as always!

Andy

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
3 weeks ago
Jump to solution

Hey guys,

Just to update on this, spoke with TAC on unrelated case and asked them this question and lady said it is purely cosmetic, but its fixed if jumbo 99 installed on the mgmt, which is what we suggested to the customer.

Cheers,

Andy

View solution in original post

0 Kudos
10 Replies
Lesley
Mentor Mentor
Mentor
3 weeks ago
Jump to solution

I suspect that sometimes the traffic hits the VOIP handler (SIP service) and other times the other defined port. If you could share screenshot of the rules I can check it. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
the_rock
Legend
Legend
3 weeks ago
In response to Lesley
Jump to solution

Yep, will ask customer for it.

Andy

0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to Lesley
Jump to solution

Here it is.

Andy

image.png
Preview file
93 KB
0 Kudos
Lesley
Mentor Mentor
Mentor
3 weeks ago
In response to the_rock
Jump to solution

Ah in this way. The my first comment is not relevant.

Is it not because of this:

  • Security rules can be defined that allow bidirectional calls, or only incoming or outgoing calls.

So if traffic hits rule 9 it is an incomming call and rule 10 an outgoing call? Do you see something like this in the logs?

I would not recommend to put it all in one rule. Because then you open traffic between the subnets. 

What if you make new rules like below? Then it is still secure and you follow the recommended steps in the guide:

Source:
HQ-Voice
BTC-Edgemark-HQ
Destination:
HQ-Voice
BTC-Edgemark-HQ

sip-tcp
sip


Source:
DR_VOICE-VLAN
BTC-Edgemark-HQ
Destination:
DR_VOICE-VLAN
BTC-Edgemark-HQ

sip-tcp
sip

etc

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to Lesley
Jump to solution

Hey @Lesley 

I definitely asked them to try, lets see. Do you think though doing it this way would be any different?

Andy

0 Kudos
Lesley
Mentor Mentor
Mentor
3 weeks ago
In response to the_rock
Jump to solution

Not sure we have to try. Because the documentation is very specific about it. 

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to Lesley
Jump to solution

Btw, spoke with my colleague about this and we asked them to see if they can verify 2 things (well verify 1 and do the 2nd one if willing)

1) Check if there is an updates smart console to install

2) If they are willing to install latest jumbo 99 for mgmt ONLY, as I recall seeing people mention about display logs issue via smart console, just cant recall what take it was fixed it

Andy

0 Kudos
Lesley
Mentor Mentor
Mentor
3 weeks ago
In response to the_rock
Jump to solution

Can be done quick, would give this a try. Only log issue I have seen that the interface direction in a log entry was incorrect due bug. Have not seen the issue with rules. This was bug ID: 

PRJ-47984,
PRHF-29667

Logging

Some Access Rule Base logs may be generated with a wrong interface direction. The issue is cosmetic only.

 

What version / take you have active now? can give a quick look. Share please gw and mgmt

-------
If you like this post please give a thumbs up(kudo)! 🙂
0 Kudos
the_rock
Legend
Legend
3 weeks ago
In response to Lesley
Jump to solution

Its on R81.20 just cant recall jumbo now, as we dont manage their equipment.

Andy

0 Kudos
the_rock
Legend
Legend
3 weeks ago
Jump to solution

Hey guys,

Just to update on this, spoke with TAC on unrelated case and asked them this question and lady said it is purely cosmetic, but its fixed if jumbo 99 installed on the mgmt, which is what we suggested to the customer.

Cheers,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top