- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
10-03-2013 12:41 AM
I'm experiencing an issue with a connection to an external voip server.
Directly attached to a PA-500 ethernet port there is a patton (fxo voip appliance).
Now, I'm allowing any traffic to outside, any application.
When I surf from that interface I can access external sites, but the issue seems to be NAT.
Voip uses port 5060 udp.
I can see the packets reaching the external server (that I manage) and they are forwarded back, but on the PA they are not present.
I tried different NAT types, but none of them seems to be working properly.
Does anyone experienced the same issue?
Does anyone know how to solve the problem of udp coming back to the internal interface of the firewall?
Thanks to all of you,
Pietro
10-07-2013 10:45 AM
Please read this topichttps://live.paloaltonetworks.com/message/15066#15066
it could help you - try to use application override
regards
SLawek
10-08-2013 06:29 AM
The external server is well known by the patton.
It arrives and the landing packet reaches the target.
When the packet is sent back everything stops.
Now I'm trying the hint given by slv.
09-05-2014 07:45 PM
Last post on Oct 8, 2013 6:29 AM but I got the same issue and maybe it will help the next person
My Environment:
PA-500 with PanOS 6.0.4
External voip Server from nfon incl snom phones + patton.
Hints in other discussions:
Application override -> problem still exist
Bidirectional nat -> problem still exist
ALG disabled -> problem still exist
Packet capture -> I saw my packages in the "drop" log and after hours of stupid investigation, it was only the route back to my snom-clients. The crazy thing is that I was able to see all the outgoing traffic and everything looked fine but due to the misconfiguration of my route my packages were dropped and I was NOT able to see them in the Traffic monitor. Only a packed captured helped
I know this is not the global solution but maybe someone is using PAN OS 6.0.x and nfon as a voip provider too. (ALG possible!)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!