iphone voice over wifi not working????


L1 Bithead

  I just upgraded from a 3000 series running 6.x to a 5220 running 8.0.4.   The moment I did this, voice over wifi stopped working for iphones using T-mobile or AT&T.   We can't test against Verizon because they won't default to wifi unless there is no cell coverage. 

I know that if I set a policy at the end of my rules for allowing everything to the ip address of the phone, it works.  So I know that policy is affecting it.  But tech support has not identified any rule that is responsible and truthfully, I really don't think any rule is responsible.  After all, I imported the same rules into the new firewall, so it really should be the same policies as when it worked prior to the upgrade.

I really think this may be a bug with 8.0.4.

 

I would especially like to hear back from others if on iphones, the voice over wifi feature works with 8.x systems (in particular 8.0.4).

  note: other colleges using 7.x say it is just fine for them.  Nobody has an ingress rule to allow it.  Just the egress rule "Allow the rest out" policy for all normal egress traffic.   So according to everyone, I should not need an ingress policy.  So why is it broken in 8.0.4?  I can get it working with an ingress policy, but I don't want to open up these protocols and never had to in the past.  Why is 8.0.4 not working when 6 and 7 do?

 

I would really like to know what others are experiencing.  Note: androids are not an issue.  This is just iphones to my knowledge.

 

Tim

3 REPLIES 3

L6 Presenter

Your issue is a bit confused. When your traffic is hitting the catch-all rule, what can you see in the traffic logs (app, ports etc)?

Cyber Elite

@tyler,

Can you provide a little more info about what your catch rule actually looks like; I'm guessing application any service application-default correct? Are you decrypting traffic or not? All of that matters a great deal. 

 

I know that most utilize UDP 500 and UDP 4500 to simply create a tunnel for the call traffic to actually establish everything, which should fall under application-default if you are allowing such, although it could be getting blocked depending on what your policy actually looks like.

 

 

 

 

Update:  Tier 2 tells me that the reason for voice over wifi not working is because of the new chipsets used on higher models such as the 5220 and 7000 series firewalls.  They cannot decrypt the ipsec packets and hence, I now need an ingress policy to allow the handshaking to occur.  Older model firewalls will not have this problem.

Tim
