Hi,
Don't use any predifined " SIP " service in your rule base. Create a
service UDP 5060 instead of SIP and replace all SIP rules with that
service.
I think it will solve your problem.
SIS Felipe Chang wrote:
Hello any idea how to disable the inspection of sip traffic (header).
regards
Atentamente,
Ing. Felipe Chang
Ingeniero Senior de Network - Seguridades
Email: [EMAIL PROTECTED]
Fono: 593-4-2693693 Ext.: 4129
Móvil: 593-9-3044395
Conecel - América Móvil
www.porta.net
AVISO DE CONFIDENCIALIDAD: La información contenida en este e-mail es
confidencial y sólo puede ser utilizada por el individuo o la entidad a la cual
está dirigido. Si usted no es el receptor autorizado, cualquier retención,
difusión, distribución o copia de este mensaje está prohibida y sancionada por
la ley. Si por error recibe este mensaje, favor reenviarlo a su transmisor para
comunicar la recepción equivocada y borrar inmediatamente el mensaje recibido.
CONECEL no asume responsabilidad sobre información, opiniones o criterios
contenidos en este e-mail que no estén relacionados con negocios oficiales.
CONFIDENTIALITY NOTICE: The preceding e-mail message contains information that
is confidential and is intended exclusively for the individual or entity to
which it is addressed. If you are not the intended recipient, any withholding,
use, dissemination, distribution, or reproduction of this message is strictly
prohibited and unlawful. If you receive this message by error, please reply to
the sender to advise of the erroneous transmission and immediately delete the
message from your system. CONECEL accepts no liability over any information,
opinion or advise contained herein which is not relative to official business
issues.
-----Mensaje original-----
De: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] En
nombre de SIS Felipe Chang
Enviado el: Viernes, 11 de Noviembre de 2005 7:33
Para: [email protected]
Asunto: [FW-1] Attack Info: Malformed SIP datagram, Illegal 'TO' user in the
request packet
Importancia: Alta
Carácter: Confidencial
Hello
I have a BIG problem, I have Check Point NG R55, I have this network's for my
services's PoC (Push to Talk)
APNs PoC <-> Firewall A <-> Redes Corporativas <-> Firewall B <-> Platfform
Push to Talk (PoC).
The problem is what the smart defense block all traffic SIP because it
understand this traffic how to a atack or malformed packet.
I was disable in my Smart Defense the check box "Application Inteligence" -> "VoIP" ->
"Verify SIP Header Content" but it isn't result and the smart defense continuos block this traffic.
The error in the smart view tracker is "Attack Info: Malformed SIP datagram, Illegal
'TO' user in the request packet"
Please Do you have any idea how to solve this.
regards
Atentamente,
Ing. Felipe Chang
Ingeniero Senior de Network - Seguridades
Email: [EMAIL PROTECTED]
Fono: 593-4-2693693 Ext.: 4129
Móvil: 593-9-3044395
Conecel - América Móvil
www.porta.net
AVISO DE CONFIDENCIALIDAD: La información contenida en este e-mail es
confidencial y sólo puede ser utilizada por el individuo o la entidad a la cual
está dirigido. Si usted no es el receptor autorizado, cualquier retención,
difusión, distribución o copia de este mensaje está prohibida y sancionada por
la ley. Si por error recibe este mensaje, favor reenviarlo a su transmisor para
comunicar la recepción equivocada y borrar inmediatamente el mensaje recibido.
CONECEL no asume responsabilidad sobre información, opiniones o criterios
contenidos en este e-mail que no estén relacionados con negocios oficiales.
CONFIDENTIALITY NOTICE: The preceding e-mail message contains information that
is confidential and is intended exclusively for the individual or entity to
which it is addressed. If you are not the intended recipient, any withholding,
use, dissemination, distribution, or reproduction of this message is strictly
prohibited and unlawful. If you receive this message by error, please reply to
the sender to advise of the erroneous transmission and immediately delete the
message from your system. CONECEL accepts no liability over any information,
opinion or advise contained herein which is not relative to official business
issues.
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL
PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
[EMAIL PROTECTED] =================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
