Hi guys, i cannot touch the customer's firewall. I have all the required ports open but my SIP calls are randomly failing. I suspect a hidden (wouldnt be the first time) SIP ALG inspection rule/helper is messing up the calls. Anybody can please advise how to check that? Thanks a million! asked 29 Sep '14, 09:16  Dorian Marso... |
One Answer:
Are you able to trace the RTP/RTCP traffic along with SIP for these failed calls, and on both sides of the firewall? If you see SIP in both directions, where the RTP media reaches the firewall on one leg but not on the other, that would be a smoking gun more-or-less that the firewall is dropping the frames. Another thing you (or in this case the customer) could do is configure a catch-all UDP port rule at the bottom of their security policy and log it, to see if any UDP traffic between your VoIP systems in the media network are not catching any of the higher permit rules for RTP/RTCP. What is the firewall vendor? What is the configured firewall logic for this from the customer's perspective, and when you say you're certain you have all the required ports permitted is this a pure IP-level permit policy for the media or are they specifying exact RTP/RTCP port numbers? Have you confirmed in SIP/SDP info and in the RTP media that the failing calls are using the expected ports, and are you absolutely certain you're not forgetting about the corresponding RTCP ports (note: SIP implementations can vary and the original RFCs left a lot of "should"s in there so unless I saw the port number on the wire I wouldn't necessarily assume it to be what I'd want or expect)? answered 29 Sep '14, 15:25  Quadratic |
