This discussion has been locked.

Avaya IP Office Small Community Networking Traffic

I am working on switching from Checkpoint firewalls to Sophos and am having some issues getting our Avaya IP Office phone system to work across our VPN tunnel to a remote location. All of the documentation from Avaya says that packet inspection needs to be disabled for this to work. On our Checkpoint we had to disable all packet inspection for H.323 for the phone system to work.

I have Checkpoint firewalls that currently handle 2 of our 3 remote facilities, and I have my one facility on the new XG where I am having this issue, so the phone system configuration and subnets have not changed. I just swapped out the Checkpoint remote hardware with an XG105 and have an XG310 at my central office. All other traffic seems to work fine between the subnets where the phone systems are across the VPN tunnel.

I have disabled the h323 and sip modules ("system system_modules sip unload" & "system system_modules h323 unload") on the remote XG105 and the head office XG310. I have rules to allow all traffic and any service for the phone systems (screenshot included).

Has anybody had any success having an Avaya IP Office phone system set up across an IPsec VPN tunnel on an XG? Or are there any other options people know of for disabling any and all inspection on traffic for my phone system?



  • Hi,

    We had the same issue in the past. Try this procedure:

    1. Is there an IPS policy enabled on the firewall rules created for traffic between those networks?

    2. Is UDP flood enabled under Intrusion Prevention? (This is global).

    3. MicroApp discovery has been re-enabled by default in the latest versions, so try checking if it is on, and turn it off. If it is already off, please try turning it on and off again with the following commands from the console:

    - console> system application_classification microapp-discovery show
    - console> system application_classification microapp-discovery on
    - console> system application_classification microapp-discovery off

    4. Disable two IPS features with the commands below:

    - console> set ips sip_ignore_call_channel disable

    - console> set ips sip_preproc disable

    5. You can check these settings with the following commands:

    - console> show ips-settings 

    - console> system system_modules show 

    - console> system application_classification microapp-discovery show 

    Regards

    Rodrigo

     