VOIP Traffic Disconnects Every 30 Seconds
Resolution
Issue
When a customer makes a VOIP call, the Palo Alto Networks device receives the INVITE and replies with the appropriate messages and sound when the other side answers. The phone receives these messages and the customer is able to maintain a dialog with the other person for only 30 seconds after which it disconnects.
Cause
SIP ALG (Application-Level Gateway) is a security component commonly found in router or firewall devices. This feature allows VoIP traffic to pass both from the private to public side of the firewall and vice-versa when using NAPT (Network Address and Port Translation). It inspects and modifies the content of SIP packets to allow SIP traffic to pass through the firewall.
The issue may be caused by a missing critical response to the INVITE handshake. If the corresponding ACK to the 200 OK is not received, it disconnects after approximately 30 seconds.
Resolution
Configure a custom application override for the rtp and sip traffic. (See How to Create an Application Override Policy)
For example:
The following two screenshots show a sample configuration of a SIP override policy:
The following screenshot shows a completed application override configuration:
Note: The custom application, "SIP-override", also needs to be allowed in the security policy.
owner: pvemuri