We recently upgraded from 6.1.4 to 7.0. Prior to the upgrade all of the remote VOIP phones operated properly; however, after the upgrade we were no longer able to receive external calls from anyone. IP phone to IP phone works fine, but we are not able to receive calls off the network. Has anyone encountered this issue? Does 7.0 process the call setup between the gateway and Call Manager differently than 6.1.4?
Are the security policies port or application based?
Do you see blocked traffic in the log?
Play around (enable/disable) with SIP ALG inside the SIP application.
We have the policies set up as a service group with all the ports. The application is set to any. The connection is coming between two Palo Alto FWs via VPN tunnel and worked fine prior to the upgrade.
Sounds as though there are additional ports needed to receive calls from off the network phones. I'm not running Cisco VOIP so this may be of limited use to you.
What I did is set up a negate policy, blocking my custom VOIP ports (defined in an application override policy) along with RTP and SIP protocols, to any hosts other than my VOIP gateways. Under that policy I created a deny and log (any application and service) destined for my VOIP gateway addresses.
This made it easy to expand TCP and UDP port ranges (based on what was being denied) until I got my phones working properly. The vendor docs' port range recommendations were not quite correct, so I had to mess around expanding port ranges a bit to get it sorted out.
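Added example, not part of the thread or any poster's own tooling: one way to turn the deny-and-log entries described in the reply above into candidate TCP/UDP port ranges for the VOIP service objects. The CSV column names, the gateway addresses and the sample rows are constructed assumptions, not a real PAN-OS export schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of denied-session log rows (column names are assumptions).
SAMPLE_LOG = """\
src,dst,proto,dport,action
10.1.5.20,192.0.2.10,udp,16384,deny
10.1.5.20,192.0.2.10,udp,16386,deny
10.1.5.21,192.0.2.10,udp,16390,deny
10.1.5.21,192.0.2.11,udp,5060,deny
10.1.5.22,192.0.2.11,tcp,2000,deny
10.1.5.22,192.0.2.11,tcp,2001,deny
10.1.5.23,198.51.100.7,udp,9999,deny
10.1.5.20,192.0.2.10,udp,16388,allow
"""

VOIP_GATEWAYS = {"192.0.2.10", "192.0.2.11"}  # hypothetical gateway addresses


def denied_ports(log_text, gateways):
    """Collect denied destination ports per protocol, gateway-bound traffic only."""
    ports = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] == "deny" and row["dst"] in gateways:
            ports[row["proto"]].add(int(row["dport"]))
    return ports


def to_ranges(ports, max_gap=0):
    """Collapse ports into (start, end) ranges, bridging gaps of up to max_gap ports."""
    ranges = []
    for port in sorted(ports):
        if ranges and port - ranges[-1][1] <= max_gap + 1:
            ranges[-1][1] = port  # extend the current range
        else:
            ranges.append([port, port])  # start a new range
    return [tuple(r) for r in ranges]


def suggest_services(log_text, gateways, max_gap=0):
    """Map each protocol to the port ranges that the deny rule is catching."""
    found = denied_ports(log_text, gateways)
    return {proto: to_ranges(p, max_gap) for proto, p in found.items()}


if __name__ == "__main__":
    for proto, ranges in suggest_services(SAMPLE_LOG, VOIP_GATEWAYS, 16).items():
        print(proto, ", ".join(f"{a}-{b}" if a != b else str(a) for a, b in ranges))
```

Keep `max_gap` small so the resulting allow rule only bridges ports that sit between observed denies; rows not destined for a gateway are ignored rather than widened into the rule.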