In my opinion, try to replicate the whole leg of your setup in your
test lab then sniff the traffic. Tedious but it will help.
Thank you for the replay
I sniffed the traffic on the voip-phone and there i see this :
The voip-phone sends a Register-Packet to the voip-provider with the
source-port 9100 and on the destination-port 5060.
The answer from the voip-provider have the source-port 5060 and the
destination-port 10310.
The voip-phone dont accept this packet he expect a packet on the port 9100 .
It seems that our Checkpoint make this confusion with the ports
In the log of the Checkpoint i see :
----------------------
Number: 1246080
Date: 21Nov2007
Time: 19:11:32
Product: VPN-1 Power/UTM
Interface: eth4
Origin: Scout2
Type: Log
Action: Accept
Protocol: udp
Service: sip (5060)
Source: voip_test
Destination: voip_rolvoice
Rule: 52
Current Rule Number: 52-Standard
Rule Name: voip
Source Port: 10310
SmartDefense Profile: Default_Protection
-------------------------
Here i see the Source Port:10310 who is not ok .
Some ideas ?
luis
Scanned by Check Point Total Security Gateway.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
