CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Completely disable any kind of SIP inspection

  1. #1
    Join Date
    2010-11-11
    Posts
    57
    Rep Power
    10

    Completely disable any kind of SIP inspection

    Hello,
    Has anyone had more luck than me in disabling SIP packet tampering/dropping by Check Point? I just want to pass udp/5060 through the firewall.
    First I was faced with early NAT problems. So I followed everything in SK65072. So early NAT is gone, IPS is completely turned off. Protocol is not defined and so on. Everything looks fine.

    So I tested the connection again.
    SmartView Tracker is green on a SIP call all the way, just listing port 5060, but the call fails (the person picks up, but there is still a calling tone on the caller's end).
    When the caller hangs up, there is a SIP error listed in SmartView Tracker (something with a BYE message).

    Why is the firewall still doing some kind of inspection on the traffic?
    This is an R75.46 cluster, but it feels like I have accompanied this problem through many iterations of CP :(

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,499
    Rep Power
    18

    Re: Completely disable any kind of SIP inspection

    If you go into the SIP service definition and click Advanced, it most likely says SIP_UDP, which means the gateway is still doing SIP inspection. Change the port on this service to something unused and remove it from your rulebase (or just delete the service, but since it's predefined, maybe not).

    Create a simple UDP service for port 5060. Use that service instead of the pre-created one.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  3. #3
    Join Date
    2010-11-11
    Posts
    57
    Rep Power
    10

    Re: Completely disable any kind of SIP inspection

    Quote: Originally posted by PhoneBoy
    If you go into the SIP service definition and click Advanced, it most likely says SIP_UDP, which means the gateway is still doing SIP inspection. Change the port on this service to something unused and remove it from your rulebase (or just delete the service, but since it's predefined, maybe not).

    Create a simple UDP service for port 5060. Use that service instead of the pre-created one.

    Unfortunately no. I had to do this already to get rid of the early NAT related to SIP.

  4. #4
    Join Date
    2007-06-27
    Posts
    22
    Rep Power
    0

    Re: Completely disable any kind of SIP inspection

    Hi

    "Why is the firewall still doing some kind of inspection on the traffic?"
    Rhetorical question :-) Because it is a firewall and this is what a firewall does.
    If you want to just pass TCP/UDP traffic, then you need a simple layer 3 router with a basic access list mechanism.

    Regards,
    Guy
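
One way to check whether a gateway is still rewriting SIP on udp/5060, as asked in this thread, is to capture the same message on both sides and compare the payloads. This is an added example, not part of the original posts and not Check Point tooling; the function names, addresses and sample INVITE are constructed for illustration, and it assumes the UDP payloads have already been extracted from the two captures.

```python
# Compact header names (RFC 3261) expanded so both spellings compare equal.
COMPACT = {"v": "via", "m": "contact", "f": "from", "t": "to",
           "i": "call-id", "l": "content-length", "c": "content-type"}

def parse_sip(raw: bytes):
    """Return (start_line, [(header, value), ...], [sdp_line, ...])."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("utf-8", "replace").split("\r\n")
    headers = []
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:  # folded continuation line
            headers[-1] = (headers[-1][0], headers[-1][1] + " " + line.strip())
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers.append((COMPACT.get(name, name), value.strip()))
    sdp = [l for l in body.decode("utf-8", "replace").splitlines() if l]
    return lines[0], headers, sdp

def diff_sip(inside: bytes, outside: bytes):
    """Return [(field, inside_value, outside_value)] for every part that differs."""
    a_start, a_hdrs, a_sdp = parse_sip(inside)
    b_start, b_hdrs, b_sdp = parse_sip(outside)
    changes = []
    if a_start != b_start:
        changes.append(("start-line", a_start, b_start))
    for name in dict.fromkeys(n for n, _ in a_hdrs + b_hdrs):
        a = [v for n, v in a_hdrs if n == name]
        b = [v for n, v in b_hdrs if n == name]
        if a != b:
            changes.append((name, "; ".join(a), "; ".join(b)))
    for i in range(max(len(a_sdp), len(b_sdp))):
        a = a_sdp[i] if i < len(a_sdp) else ""
        b = b_sdp[i] if i < len(b_sdp) else ""
        if a != b:
            changes.append(("sdp " + (a or b)[:2], a, b))
    return changes

# Constructed sample: trimmed INVITE as sent, then with the private address rewritten.
INSIDE = (b"INVITE sip:bob@example.net SIP/2.0\r\n"
          b"Via: SIP/2.0/UDP 10.1.1.10:5060;branch=z9hG4bK74bf9\r\n"
          b"Contact: <sip:alice@10.1.1.10:5060>\r\n"
          b"Content-Type: application/sdp\r\n\r\n"
          b"v=0\r\nc=IN IP4 10.1.1.10\r\nm=audio 49170 RTP/AVP 0\r\n")
OUTSIDE = INSIDE.replace(b"10.1.1.10", b"203.0.113.5")

if __name__ == "__main__":
    for field, before, after in diff_sip(INSIDE, OUTSIDE):
        print(f"{field}: {before!r} -> {after!r}")
```

An empty result means the payload passed through untouched, so any remaining call failure lies outside payload rewriting; changed Via, Contact or SDP `c=` lines mean something on the path is still handling the traffic as SIP.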
