[cisco-voip] Video firewall traversal with Checkpoint firewalls and IPS

Brian Meade bmeade90 at vt.edu
Tue Apr 22 17:45:42 EDT 2014


There's definitely potential for a firewall issue. Firewalls with SIP ALGs
built in drop 200 OKs with codecs/SDP lines they don't like all the time.
I'd make sure any SIP inspection/SIP ALG functionality is disabled on the
Checkpoint firewall.

Brian


On Tue, Apr 22, 2014 at 5:40 PM, Dana Tong <Dana_Tong at bridgepoint.com.au> wrote:

>  Good morning all,
>
>
>
> I have a VCS Control / Expressway combination setup with the appropriate
> traversal zone, and search rules for a client of mine who has a Checkpoint
> firewall and IPS function. I have provided them with the firewall port
> usage guide for Cisco VCS Control with Expressway.
>
>
>
> I have enabled a packet capture on a VCS Expressway that I have here in
> our office and made a test call to a CODEC here.
>
>
>
> I see the following:
>
>
>
> Receive SIP INVITE from remote party
>
> Send 100 TRYING
>
> Send 180 RINGING
>
> Send 200 OK with SDP (a number of times).
>
> SDP looks correct.
>
> No response from the remote CODEC.
>
> Receive CANCEL
>
>
>
> Now, I don’t think all of the f/w rules are quite yet provisioned and
> enabled. I am trying to establish a remote session with the customer to
> perform another packet capture on their Expressway to see if they receive
> my 200 OK and if it sends an ack.
>
>
>
> But at the moment the person who maintains the firewall has been away but
> will be back this week. Would you agree that we have an issue with the
> firewall (based on the limited information I have provided)?
>
>
>
> And is there anything special that needs to be done on a Checkpoint
> firewall for Video Traversal?
>
>
>
> Cheers
> Dana
>
>
>
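An added example, not part of either message above: a small Python check for the symptom described in the thread, a 200 OK for the INVITE that is retransmitted and never ACKed, followed by a CANCEL from the caller. The Call-ID, SIP URIs, trace contents and the helper names (`msg`, `header`, `analyse`) are constructed for illustration.

```python
import re
from collections import defaultdict

CALL_ID = "constructed-call-1@example.invalid"  # constructed, not from the thread

def msg(start_line, cseq):
    # Minimal constructed SIP message: start line, Call-ID and CSeq only.
    return f"{start_line}\r\nCall-ID: {CALL_ID}\r\nCSeq: {cseq}\r\n\r\n"

# Constructed trace in the order the post lists; direction is relative to the
# Expressway where the capture was taken.
SAMPLE_TRACE = [
    ("recv", msg("INVITE sip:codec@example.invalid SIP/2.0", "1 INVITE")),
    ("sent", msg("SIP/2.0 100 Trying", "1 INVITE")),
    ("sent", msg("SIP/2.0 180 Ringing", "1 INVITE")),
    ("sent", msg("SIP/2.0 200 OK", "1 INVITE")),
    ("sent", msg("SIP/2.0 200 OK", "1 INVITE")),
    ("sent", msg("SIP/2.0 200 OK", "1 INVITE")),
    ("recv", msg("CANCEL sip:codec@example.invalid SIP/2.0", "1 CANCEL")),
]

def header(raw, name):
    # Case-insensitive lookup of a single-line SIP header value.
    m = re.search(rf"^{re.escape(name)}\s*:\s*(.+?)\s*$", raw, re.I | re.M)
    return m.group(1) if m else None

def analyse(trace):
    """Return {Call-ID: (verdict, 200-OKs sent, CANCEL seen after a 200 OK)}."""
    calls = defaultdict(lambda: {"ok": 0, "ack": 0, "late_cancel": False})
    for direction, raw in trace:
        start = raw.split("\r\n", 1)[0]
        call = calls[header(raw, "Call-ID")]
        cseq_method = (header(raw, "CSeq") or "? ?").split()[-1]
        if direction == "sent" and start.startswith("SIP/2.0 200") and cseq_method == "INVITE":
            call["ok"] += 1              # each repeat is a retransmission awaiting ACK
        elif direction == "recv" and start.startswith("ACK "):
            call["ack"] += 1
        elif direction == "recv" and start.startswith("CANCEL ") and call["ok"]:
            call["late_cancel"] = True   # caller apparently never saw the 200 OK
    result = {}
    for call_id, c in calls.items():
        verdict = "unacked-200" if c["ok"] and not c["ack"] else "ok"
        result[call_id] = (verdict, c["ok"], c["late_cancel"])
    return result

if __name__ == "__main__":
    for call_id, finding in analyse(SAMPLE_TRACE).items():
        print(call_id, finding)
```

An `unacked-200` verdict together with a CANCEL after the 200 OK suggests the response is being lost on the way to the caller; the capture alone cannot say where. Running the same check on a capture from the far-side Expressway shows whether the 200 OK arrived there at all.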