we have a open ticket with TAC, but wanted to ask if anyone's seen this, we're in the testing phase of it, and one of the phone's traffic shows up in the logs as decrypt error in the end result, so that phone is not able to login to the mitel portal, tac also disabled the user-id policy to narrow it down(I have tried to add a app override already, but haven't tried to disable alg. They're in the process of researching it, but we have a deadline coming up.
thanks in advanced.
Here to echo what @OtakarKlier said. We use the same shoretel/mitel phones and the zone they are in does not get decrypted. To take it a bit further you can use NAC to make sure only phones are on that vLAN too.
Thanks for the reply, we tried to bypass decryption, but that didn't work, we're now have other issues on our phones, like we can't get to voicemail, I'm trying to work with tac, but the engr seems to be not sure of what's happening.
So basically we can get the phones to call in and out but some buttons like the user directory or voicemail has issues, it will say connection failed or connection to server lost when pushing some of those buttons, we're not doing any decryption at this time. Waiting on TAC to follow up, their supposed to run packet captures.
Nope, I've had an open ticket for a month now, TAC has been puzzled by this, even after looking at packet caps, they had me upgrade to pan-os9, they're starting to think nothing's wrong with the firewall and could be something misconfigured or on the mitel side.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!