[cisco-voip] Video firewall traversal with Checkpoint firewalls and IPS

[Dana Tong]

Good morning all,

I have a VCS Control / Expressway combination setup with the appropriate traversal zone, and search rules for a client of mine who has a Checkpoint firewall and IPS function. I have provided them with the firewall port usage guide for Cisco VCS Control with Expressway.

I have enabled a packet capture on a VCS Expressway that I have here in our office and made a test call to a CODEC here.

I see the following:

Receive SIP INVITE from remote party
Send 100 TRYING
Send 180 RINGING
Send 200 OK with SDP (a number of times).
SDP looks correct.
No response from the remote CODEC.
Receive CANCEL

Now, I don't think all the of the f/w rules are quite yet provisioned and enabled. I am trying to establish a remote session with the customer to perform another packet capture on their Expressway to see if they receive my 200 OK and if it sends an ack.

But at the moment the person who maintains the firewall has been away but will be back this week. Would you agree that we have an issue with the firewall (based on the limited information I have provided)?

And is there anything special that needs to be done on a Checkpoint firewall for Video Traversal?

Cheers
Dana

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140422/23d49f1e/attachment.html>