topic Re: GoToMeeting audio(Microphone) not working in General Topics

GoToMeeting audio(Microphone) not working

Julian_V — Wed, 03 Jul 2019 13:11:46 GMT

Hello Community,

I have some questions regarding GoToMeeting and Security Policies. The System is a PA-3020, which is running on the software version 8.1.2.

For GoToMeeting to work properly, the application stun has to be allowed. I have created a security policy in which I have allowed said stun. Under the monitor tab, I now see that stun is allowed for the port 3478. Nevertheless, I see various other connections with the ports 5060, 9000, 45003, 45004, 45005, 45006 ... which are recognized by the Palo as the application stun, but they are blocked.

Do I have to build a custom application, in which I allow the various ports, or exists a separate stun application, where the individual ports are included?

What do I have to do, that the audio(Microphone) works properly - everything else from GoToMeeting works like a charm.

Thank you,

Julian_V

Re: GoToMeeting audio(Microphone) not working

BPry — Wed, 03 Jul 2019 16:09:04 GMT

@Julian_V,

Stun should only utilize tcp/udp 3478 if utilizing standard ports, and for some reason Palo doesn't include the default 5349 for TLS connections within that app-id. The 5060 port should be seen as SIP not stun. As for the other ports that shouldn't actually be related to GoToMeeting.

Take a look at how the 5060 and 5061 traffic is actually being identified and if it is all getting allowed. That would be the ports utilized for actual audio.

Re: GoToMeeting audio(Microphone) not working

Julian_V — Thu, 04 Jul 2019 08:44:18 GMT

Thank you for your answer @BPry

For some reason if one ouf our users uses GoToMeeting, I see under the "Monitor tab", that the Port 5060 with the detected application stun is blocked. So our Palo detects this connection as if stun is used, not sip.

I created a custom application for stun audio, in which i allowed the port 5060 (tcp and udp). I created a security policy and added that custom application and the said user to it.

The traffic from port 5060/stun is still blocked. Can I simply add the Port 5060 to the app-id stun and lets say simply allow a connection on port 5060 when the application stun is detected?

Can you give me the best way and describe on what to do?

Thank you,

Julian_V

Re: GoToMeeting audio(Microphone) not working

BPry — Fri, 05 Jul 2019 02:23:48 GMT

@Julian_V,

Do you have the latest version of Application and Threats installed on your firewall or are you running something that is outdated? You can't add an additional port to a built-in application like stun; how exactly did you create the custom application, If I would have to guess your signature you attempted to create was incorrect or you didn't create a signature so it wouldn't have been identified as your custom app-id.

To allow any instance of stun on 5060 you would need to create a security policy with the app-id 'stun' and then create two service objects, one for tcp/5060 and one for udp/5060, and utilize the new service objects in your security policy instead of application-default. I wouldn't recommend doing so, as you still need to deal with the fact that it isn't identifying traffic correctly anyways.