Click Here To Visit SIP Broker  

Go Back   Voxalot / SIP Broker Support Forums > Voxalot Forums > Voxalot Support

Voxalot Support Support for the Voxalot service.

 
 
Reply
Thread Tools Display Modes
Unread 05-26-2009, 02:12 PM   #1
LeonB
Junior Member
 
Join Date: Jan 2009
Location: The Netherlands
Posts: 20
Thanks: 1
Thanked 1 Times in 1 Posts
LeonB is on a distinguished road
Send a message via Skype™ to LeonB
Unhappy Checkpoint Firewall and Voxalot

Hello,

In residential and mobile situations working with Voxalot functionallity runs like a charm without any hassle!

In our business we're using Checkpoint FW 6.5 R2. and behind it Counterpath X-Lite V3 Softphones.
Unfortunatly we experience problems in getting Voip working for quite some time now.
Registering to Voxalot accounts works but takes about 30 seconds...
Calling from behind the FW to an external Voip account works but calling from outside the FW to an inside client fails. The internal Softphone doesn't respond to the call.
Calling to different clients (with their own Voxalot account) from behind the FW is impossible. There's no recognition at all.

Our Business partner has configured the checkpoint FW to enable all endpoints within the LAN to communicate UDP port 5060.
Next Checkpoint - Israel did indepth debugging with our partner to troubleshoot the problems.

They discovered that certain important SIP tags aren't filled with data:

"I investigated the debugs that we have took with my colleagues from the escalation team and we have found that a lot of the SIP fields are missing, and that is the reason that the firewall drop this traffic (not RFC).
At the kernel debug you can see that the firewall can not find the tag from the packet field:
sip_get_user_tag: couldn't find 'tag' in From field
fw_sip_manager: Error - sip_get_user_tag failed getting From tag
sip_earlynat_get_source_port: failed: no call_id/user"

Also our partner did some additional analysis on the debug data and came up with remarks about the "From" Line.
It should contain several parts, besides adressing, also a unique "Tag=" part should be available to make each call unique and trackable. Especially in a NAT and Checkpoint FW setup this seems to be very important.

In his opinion Voxalot doesn't use this tag with the NOTIFY messages but they do with the INVITE messages.

He refers to the need of correct implementation of RFC 3261 section 8.1.1.3 on all From: rules.

Does Voxalot Support recognize the above meantioned findings?
Has anyone found a proper solid working solution (or workaround) using Voxalot accounts behind Checkpoint Firewalls?

I very much would appreciate if Voxalot and/or somebody with experience could help me resolving this issue.

Many thanks in advance!
LeonB is offline   Reply With Quote
Unread 05-26-2009, 08:51 PM   #2
boatman
Senior Member
 
boatman's Avatar
 
Join Date: Jul 2007
Location: Oregon, USA
Posts: 365
Thanks: 17
Thanked 77 Times in 64 Posts
boatman is on a distinguished road
Default

Quote:
Originally Posted by LeonB View Post
In his opinion Voxalot doesn't use this tag with the NOTIFY messages but they do with the INVITE messages.
I am not Voxalot support, but am curious about this issue.

Your incoming calls are signalled with an INVITE packet which has a proper "tag=" tag on the From line. NOTIFY packets from Voxalot do not have any "tag=" tag, however (as far as I know) the only NOTIFY packets Voxalot will send are to notify of new voice mail. A missing "tag=" in NOTIFY packets does not explain why you are not receiving calls.

I don't know much about the "sip_earlynat_get_source_port: failed: no call_id/user" problem, but you might find a solution here or here.
boatman is offline   Reply With Quote
Reply

Tags
checkpoint, firewall, rfc 3261, sip protocol

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Voxalot and Sipura/ATA Tutorial: A Comprehensive Walkthrough ctylor Voxalot General 5 04-28-2010 12:52 AM
Nokia N95 with Truphone and Voxalot, no OTA required. affinity Voxalot General 3 10-18-2007 02:12 AM
Skype through Voxalot affinity Voxalot General 3 10-13-2007 02:40 AM
VoXaLot and FWD: sound issues when calling FWD f7391 Voxalot Support 2 02-22-2007 08:56 PM
Newbie - but please be nice Mallycat Voxalot Support 21 04-15-2006 07:50 AM


All times are GMT. The time now is 11:08 AM.


Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.