Ok. So, I'm running the 5.0.10 PAN. We are in the middle of a Polycom installation. Internal traffic within the Polycom system is working fine (since no FW is in place). The problem is of course the outside users. We are using NAT for external stuff. I created a single inbound rule (Untrust->trust) to the RPAD server. No applications selected. Instead I specified all the port numbers as custom services and attached them to the rule.
When a user tries to connect, the call is connected and the user is registered. However, no media/content would go through. As a side note, SIP works externally, but not H.323.
-Frank - West Chester University
Is your end device (call server/PBX) NAT aware? Is there a predict session available from the signaling session?
I would suggest you enable packet capture for ingress and egress on the PAN firewall, just to see the Layer-7 payload and how it is modified by the PAN.
Please find below a few related discussions:
So, we got it working. Application Override is where we had to go. We set up an application "Polycom" and put ALL the tcp/udp ports required to connect to the RPAD system. Then I put 4 application override policies in place: 2 for outbound from the RPAD (TCP/UDP) and 2 for inbound (TCP/UDP), both pointing to the "Polycom" application object I made earlier.
I then had connections made and verified through the traffic log that the inbound/outbound traffic was being IDed as "Polycom" not H323, SIP, etc... Dials were made and media was connected.
Thanks for your update here. If app-override solved the problem here, it means the PAN FW was changing the payload information from the layer-7 which was not acceptable for your end server. Hence, your end server/call manager/PBX is a NAT aware box.
This type of situation could be handled in 2 ways:
a. Make the end system NAT aware and create an application override in the PAN firewall for signaling and media traffic.
b. Make the server a legacy device (not NAT aware) and do the pinholing at the PAN firewall.
Hope this helps