10-13-2022 01:45 AM - edited 10-13-2022 01:46 AM
Hi,
We are having a issue with RTCP traffic. The RTCP traffic is jumping the rule configured for this and matching the last rule (bypass).
The filter for the correct rule is application rtcp. We see that the application is identified but sometime is matching the correct and most of the times the last rule.
I attach the screenshots with the logs.
what could be the reason? Its not about the first packet is taking the less restrictive rule because the app is being identified in all the moment,
Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
10-13-2022 07:52 AM
So even though RTCP is documented as udp/dyanmic, I've had similar issues when using application-default instead of any or a custom service range. I'd test if you get the same behavior setting the RTCP traffic to use any service to your telco host(s). If you have anything other than RTP/RTCP traffic in this rule I'd personally separate the traffic out so that only RTP/RTCP isn't limited to application-default.
10-17-2022 05:03 AM
We already tried to put "any" in service (not app-deafult) but the some sessions are jumping the rule.
10-18-2022 09:23 AM
Hello,
What code version are you running? I have some 5220's running 10.1.6-H3 and am seeing the same issue. Think its a bug and waiting another week to go to 10.1.7.
Regards,
10-19-2022 12:54 AM
Do you have the bugID for this issue? i would need to confirm it. thanks
10-19-2022 07:23 AM
Hello,
I do not. I have a case opened however. Will check to see if 10.1.7 resolves the issue.
Regards,
10-21-2022 07:11 AM
Hello,
I read the release notes for 10.1.7 and there is a fix for the following:
|
PAN-194408
|
Fixed an issue where, when policy rules had the apps that implicitly depended on web browsing configured with the service application default, traffic did not match the rule correctly.
|
Not sure if its the issue you are facing, but worth a read.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
