This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

SIP traffic being dropped in drop.pcap on the PA with PAN OS version 10.2.4-h2

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

SIP traffic being dropped in drop.pcap on the PA with PAN OS version 10.2.4-h2

Didar_Bajwa
L1 Bithead

‎07-27-2023 04:37 PM - edited ‎07-27-2023 04:41 PM

SIP traffic is not working properly, we recently upgraded to PAN OS version 10.2.4-h2 and seeing issues with multiline calls

 

Steps taken:

ALG is disabled, we have already created SIP-override and RTP override but no luck.

@Param_Upadhyay @UtkarshKumar 

We then did a packet capture and found that SIP traffic flow completes fine and call works fine but when user tries to add any other user, we see a Re-invite from CUCM IP to the device IP generating the call and that traffic is being dropped in the firewall drop.pcap.

 

Didar_Bajwa_1-1690500469057.png

 

Now, as per the wireshark logs, we suspect this to be a MTU issue as payload is around 1511. As a workaround, we have removed information from the SIP profile to reduce it's size and as expected that has resolved the issue. The info I removed is display/party information so effectively I've disabled caller ID.While technically leaving it disabled is not a solution

 

But this was working fine without any issues on the previous version , so why it is being dropped in drop.pcap now on a higher version.

 

So, looking for some suggestions or insights if anyone else is facing the same issue.

 

1 person had this problem.
0 Likes Likes
2 REPLIES 2

aleksandar.astardzhiev
Cyber Elite
Cyber Elite

‎07-28-2023 05:49 AM

Hi @Didar_Bajwa ,

The best way to understand what could be the reason for the dropped packets is to check the global counters - https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CloNCAS

What is the output of the global counters?

0 Likes Likes

Didar_Bajwa
L1 Bithead
In response to aleksandar.astardzhiev

‎07-28-2023 07:18 AM

nothing in the global counters

0 Likes Likes
  • 1320 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks