I am trying to replace a Checkpoint 1490 with a Checkpoint 5200 (GAIA-R80.10, Standalone deployment).
Unfortunately, SIP is not passing through the Checkpoint. It was dropping SIP port 5060, and I used the SIP Security Rule for Proxy in DMZ Topology and created the related rules.
- DMZ Network, A-Network and B-Network are directly connected to the firewall
- The PBX is located on the DMZ network (along with other servers, for example AD)
- Branch-1 is connected via IPSec Site2Site VPN
- A-Network and B-Network include hosts, and they can connect to each other and to the DMZ
- Branch-1 Network includes hosts, and they can connect to the DMZ Network
Dropping packets. Reason: post lookup verification failed, and fwconn_key_init_links (OUTBOUND) failed
I followed sk65072:
No drop log on the firewall... (using: fw ctl zdebug)
- IP-Phones are registering to the PBX, but sometimes they cannot.
- Call from B-Phone-1 to B-Phone-2: B-Phone-2 receives the call from B-Phone-1, but they cannot hear each other (no voice). Sometimes there is only one-way voice. The issue is the same on the other side.
- The Call Center usually receives calls from external sources. Sometimes it cannot receive them...
- If the Call Center receives a call from outside, they transfer the call to B-Phones or Branch Phones. But the destination IP-Phones cannot receive it, and the connection is active between the Call Center and the external source...
- And a lot of known and unknown issues...
There are no drop or prevent logs on the appliance. It works without issue with the Checkpoint 1490 and any other 3rd-party firewall. We tested it...
I created a service request at the support center 45 days ago. We connected 10 more times over remote sessions with support engineers. They escalated to Diamond Service engineers. We connected over remote sessions a few times again and debugged the appliance, monitored it, and collected the related log files.
But we are still at the same point.
Sorry for my poor English.
I hope you understand the topology and can help me.