dehaasm
Collaborator

Zendesk voice application 3 second delay

Not sure if this is a Check Point related issue, but the issue only appears when connected behind a Check Point firewall; when connected directly to the internet, the issue does not occur.

The issue is that whenever the Zendesk servicedesk application makes a voice call (via Cloud STUN server), after answering a call there is a 3 second delay before the voice is heard; after 3 seconds the call works fine. While performing the same test without a firewall in between, this issue does not occur.

We made packet captures and also tried to disable CoreXL (fwaccel off), but it didn't resolve the issue.

In the packet capture the only thing I see is that there is a DTLS handshake with a 3 second delay, meaning that it takes 3 seconds for the external server to reply. This does not show any delay on the Check Point firewall, but perhaps I am overlooking something, as we cannot find the root cause.

Did someone already experience such an issue?

 

0 Kudos
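The measurement described in the post above, as an added example that is not part of the original thread: it parses cleartext DTLS handshake records out of UDP payloads and reports, per flow, how long the first ClientHello waited for a reply and how many ClientHellos were sent in the meantime. The packet tuple layout, the function names and the sample addresses are assumptions, and the sample packets are constructed rather than taken from the poster's capture.

```python
import struct

# DTLS record: type(1) version(2) epoch(2) seq(6) length(2), then handshake msg_type.
CLIENT_HELLO, SERVER_REPLIES = 1, {2: "ServerHello", 3: "HelloVerifyRequest"}

def handshake_type(payload):
    """Return the handshake msg_type of a cleartext DTLS record, else None."""
    if len(payload) < 14:
        return None
    ctype, version, epoch = struct.unpack("!BHH", payload[:5])
    length = struct.unpack("!H", payload[11:13])[0]
    if ctype != 22 or version not in (0xFEFF, 0xFEFD) or epoch != 0:
        return None  # STUN, SRTP, or an encrypted record
    if 13 + length > len(payload):
        return None  # truncated capture
    return payload[13]

def handshake_delays(packets):
    """packets: (timestamp, src, dst, udp_payload) tuples in capture order."""
    pending, results = {}, []  # (client, server) -> [first_hello_ts, hello_count]
    for ts, src, dst, payload in packets:
        msg = handshake_type(payload)
        if msg == CLIENT_HELLO:
            pending.setdefault((src, dst), [ts, 0])[1] += 1
        elif msg in SERVER_REPLIES and (dst, src) in pending:
            first, hellos = pending.pop((dst, src))
            results.append(dict(client=dst, server=src, reply=SERVER_REPLIES[msg],
                                delay=round(ts - first, 3), client_hellos=hellos))
    for (client, server), (_, hellos) in pending.items():  # never answered
        results.append(dict(client=client, server=server, reply=None,
                            delay=None, client_hellos=hellos))
    return results

def make_record(msg_type, seq, body=b"\x00" * 8):
    """Build a constructed DTLS 1.2 handshake record for the sample below."""
    n = len(body).to_bytes(3, "big")
    hs = bytes([msg_type]) + n + b"\x00\x00" + b"\x00\x00\x00" + n + body
    hdr = struct.pack("!BHH", 22, 0xFEFD, 0) + seq.to_bytes(6, "big")
    return hdr + struct.pack("!H", len(hs)) + hs

# Constructed sample (hypothetical addresses), not the thread's capture.
C, S = "10.0.0.5:50000", "203.0.113.10:40000"
SAMPLE = [
    (10.0, C, S, b"\x00\x01" + b"\x00" * 18),  # STUN-like payload, ignored
    (10.0, C, S, make_record(1, 0)),           # ClientHello
    (11.0, C, S, make_record(1, 1)),           # ClientHello sent again
    (13.0, S, C, make_record(2, 0)),           # ServerHello
]

print(handshake_delays(SAMPLE))
```

Running the same function over captures taken on both the internal and external interfaces shows whether the ClientHello count and the reply delay differ between the two sides of the firewall.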
39 Replies
dehaasm
Collaborator

Hi guys, it was some time ago, but the issue is solved. We migrated the firewall with the exact same settings to R81.20 and the issue does not occur anymore, so there has to be some kind of bug in version R81.10 causing this, which is now suddenly solved directly after using R81.20.

0 Kudos
dehaasm
Collaborator

We do source hide NAT to the internet.

0 Kudos
dehaasm
Collaborator

Hi Stefan, we fixed it by using R81.20. If you are using R81.10 at the moment, then please consider upgrading.

0 Kudos
the_rock
Legend

recommended jumbo?

0 Kudos
dehaasm
Collaborator

R81.20 take 84, not 89, as it apparently has some boot loop issues.

0 Kudos
dehaasm
Collaborator

Might this be a good test to completely bypass the flow from SecureXL?

https://community.checkpoint.com/t5/General-Topics/how-to-disable-SecureXL-for-specific-src-to-speci...

0 Kudos
the_rock
Legend

Right...BUT, if sxl is turned off and issue happens, not so sure this may help : - (

Andy

0 Kudos
Reeve60
Participant

Hi @the_rock

So, after looking into HTTPS inspection, the setting is turned off for our environment so it's safe to assume I don't need to create a bypass rule. 

@dehaasm thanks for the tip, which helped me to double-check if NAT is hiding internal networks (which this setting is turned off).

 

Stefan

0 Kudos
the_rock
Legend

Agree 100%, if it's off, no need to change anything with bypass rules.

0 Kudos
the_rock
Legend

Yes, message me directly, we can connect offline, I will review the pcaps.

Andy

0 Kudos
