UDP Conversations for VOIP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

UDP Conversations for VOIP

Not applicable

Hi All;

I have an outside VOIP server running H323.  The phones internally use a keep-alive mecahnism over UDP 5000 as a destination and varying source ports. 

The server on the untrust side of the firewall will send the same keep-alives in response. This is known by some firewalls as a UDP conversation or sometimes is necessary in transparent mode. 

The service drops connections if the packet is not returned by the server to the phone.  To the PA by default the service appears to initiate a connection from Untrust to Untrust as a response, though it should be part of the Trust (Phone) to Untrust (Server) communication as a response. 

On Cisco, Checkpoint and Juniper There are fixups for the protocols and an extension of for the timeout valuees for UDP that are necessary. 

Is there a way for me to allow these UDP conversations prevalent in voice communication over IP?

2 REPLIES 2

Not applicable

Hi All;  It turns out that the reason the second communication was showing as initiated from the VOIP Server was due to the UDP default timeout being 30 seconds.  To find out if this is the case with your installation on the command line goto:

show session info

UDP Timeout will show as 30 seconds by default.

If you then use "Application Override" you will be able to adjust the TCP, UDP and other timeouts for the application, in my case the specific VOIP app.

I also found it helpful that should the connections stay open that show session info told me that at 80% of the allowable number of sessions (in a PA500 this is 65000), the timers will be halfed, saving me the problem of sessions bogging down the system if too many are open.

This feature is important as something like a Syslog server that matched the application override would produce millions of open (and staying open) UDP connections.

Anyway, Pen Name Manuel OUT!. 

Not applicable

The help desk did all the work on the answer, I just put it with my post for everyone!

  • 3203 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!