VOIP Traffic is Being Dropped

VOIP Traffic is Being Dropped

40422
Created On 09/26/18 13:49 PM - Last Modified 06/07/23 02:39 AM


Resolution


Issue

Topology:  Call Manager------PAN------VoIP

Following an upgrade, the Call Manager is trying to send RST packets to the VoIP phones to re-initiate the connections. The firewall is not aware of the existing sessions and is dropping all the RST Packets.

 

Resolution

The RST packets are being dropped on the Palo Alto Networks firewall as they are identified as "out-of-order", by the global counters.

 

To bypass the asymmetric path causing the RST drops, use the following command:

> configure
# set deviceconfig setting tcp asymmetric-path bypass
# Commit

 

A more detailed bypass can be configured with this command:

# set deviceconfig setting tcp asymmetric-path bypass

+ bypass-exceed-oo-queue   whether to skip inspection of session if out-of-order packets limit is exceeded

+ check-timestamp-option   whether to drop packets with invalid timestamp option

+ favor-new-seg            whether to favor new segments when overlapping happens

+ urgent-data              clear urgent flag in TCP header

 

owner:  kalavi
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clr8CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language