This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

A very weird Behavior on SIP traffic traffic reversing back to the same egress interface

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

A very weird Behavior on SIP traffic traffic reversing back to the same egress interface

Esameldin
L1 Bithead

‎01-01-2025 04:50 AM

Hello everyone , im seeing a very strange behaviour in my pa-445 version 11.1.4-h7 firewall , where i have an interface on the firewall which is a gateway to my voip devices , the same firewall connects to the voice server through an ipsec tunnel interface , so the traffic flow is like this , voice subnet to firewall and then from firewall to voice server through the tunnel , however on logs i see that the same voice subnet is entering the tunnel interface as "source" & with the "source zone" since its hitting this tunnel interface and ofcourse its denied since the allowed rule is from branch "voice zone" to "hq zone" , however im only seeing this for voice subnet and only on SIP application .

i would really appreciate any help & thanks

0 Likes Likes
2 REPLIES 2

JayGolf
Community Team Member

‎01-02-2025 03:22 PM

 

Hi @Esameldin ,

Just to confirm, are you saying that the SIP traffic from your voice subnet is being incorrectly processed as originating from an unintended zone, rather than the local voice zone? If possible, could you please share screenshots (with IPs blurred out) to help us further investigate the issue?

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes

Esameldin
L1 Bithead
In response to JayGolf

‎01-02-2025 08:37 PM

Hello @JayGolf ,

 

yes the traffic is actually generating from the supposed egress interface , its like sent packets are just coming back to the same interface it left , and on the HQ (destination) firewall i have no such logs so traffic is not being generated from HQ, please refer to the below screenshot

On the below screenshots you will find the ingress and egress interfaces , and also normal legal traffic , & the unusual traffic (as per the routing table when traffic is hitting the HQ interface its redirected back to HQ ) & so its denied by zone policy

Direct;y Connected Voice interfaceDirect;y Connected Voice interfacehq-interface.pngsip-legal-trafficsip-legal-trafficsip-illegal-trafficsip-illegal-traffic

0 Likes Likes
  • 229 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks