06-11-2016 11:06 PM
It seems that I can not seem to get the voice chat in Blizzards over watch to work through a PA.
So as a test i put TCP ports 1119, 3724, 6113, 80, and udp 26503-36503 and 3724 forward through allowing any app, to the PC running the game. Still didn't make a differance. Not sure if anyone has a PA setup with users playing games behind it or not, just wondering if anyone else has run into this issue.
Cheers,
06-13-2016 07:30 AM
Hi,
You can always request a signature be made for this application:
https://live.paloaltonetworks.com/t5/Management-Articles/How-to-Request-a-new-App-ID/ta-p/60834
In the mean time, try creating a temporary 'allow all' rule for your source IP and play the game to see what ports, urls & applications hit this rule. Then create a new rule based on what you discover.
Make sure you log the rule and have a url filtering profile attached set to alert.
hope this helps,
Ben
06-13-2016 09:24 AM
Yeah so this is the odd thing, i have put in an wide open rule. I have allowed all through and set the application default to any, and it still seems to clip on the outside. It seems very odd to me.
I have requested the application into the new app id allready.
06-14-2016 12:38 AM
some voip implementations could be flak. is the voice chat being identified as something specific? you may need to disable the ALG on the application level
It's also possible that without a proper signature (while it is being created) you need to set static bi-directional NAT and allow some inbound ports to your IP
06-15-2016 09:53 PM
Yeah so here is the crazy thing, i did a bi-directional NAT and and opened the firewall wide up (not too worried it's a home device use for testing before putting in production) and it still clipped the voice data on it. I run the PC direct of the ISP no problem. Put the PA in wireline and same thing. It's super odd. I would have thought a bi-direction with wide open rules would work. Also made sure it wasn't application default but application any.
06-17-2016 01:45 PM
Sounds like you are hitting one of the ALG setups probably a VOIP one. What do the logs say for the permitted traffic? This might help see what needs to be turned off or put in for override.
12-18-2017 01:19 AM
Disabling ALG made it work for me.
12-19-2017 06:11 PM
@erikda Have you open a case with TAC? We have a case with TAC now to have them look into why in game chat is not working. I would suggest to open a case with TAC from your end as well, PAN will get this issue resolve.
12-21-2017 03:09 PM
We had a troubleshoot session with TAC. The workaround is setup an application override for traffic using UDP port 6250.
We are requesting an overwatch appid. No ETA yet. stay tune.
12-22-2017 12:31 AM
Again, for me the solution was to disable ALG for application sip.
Voice now works in Overwatch, and Playerunknown's battlegrounds.
12-22-2017 08:46 AM
Hi erikda,
Understood, in our environment, if we disabled the SIP application ALG, it will break other VoIP applications.
happy holidays,
12-22-2017 09:08 AM
Disabling the SIP ALG under Objects / Applications / SIP, disables it for the entire firewall.
Using an Application Override (while doing some other things) also has the effect of disabling the SIP ALG.
Both methods are acceptable workarounds depending on your environments.
08-07-2018 12:36 PM
Just to bump this thread... On SW version 8.0.10, that was the fix for me as well. Override SIP-ALG and it should work fine.
10-17-2018 12:14 PM
It worked for me as well. Thanks for posting your solution! Objects->Applications->SIP->ALG->Customize->Disable
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
