I have our VoIP PBX set up with an IP on our external side via NAT. The policy is a simple static NAT from the internal IP to the external. I also have the correct security policies in place to allow SIP/RTP traffic to pass freely to and from the external IP address. The PBX server can be accessed via HTTP from outside our network, and my cell phone (using BRIA) can successfully register to the PBX.
However, whenever I make a call from outside, it will disconnect after seven (7) seconds when picked up. This happens every time without fail. I have tried tweaking around security policies, enabling application override, and altering the NAT rules.. nothing seems to help.
Can anyone give me suggestions? This setup worked perfectly fine on our old Juniper SRX-240B with the PA-500 in vWire. Ever since I swapped the PA-500 into being our gateway/firewall, it just won't do it.
More information can be provided upon request.
Over three hours on the phone to PA support this morning got it sorted.
My applictation override rules were not working, as they were pointing at predefined applications. Custom Apps for both SIP and RTP were created which then started to allow some RTP through.
We were still getting quite a few calls with no audio (some were coming through). The PA engineer discovered that this was due to us using the dynamic-ip-and-port option in our outgoing source translation. Changing this to static-ip fixed it.
Here's what my working setup looks like;
Application Override Rules;
Custom SIP Application;
Custom RTP/RTCP Application;
Hope this helps anybody experiencing similar problems. PA have taken a support dump, so may have a more elegant fix at some point.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!