We have been using your security Gateway Version 7.508 (VPN and Web-security) for a few years now. We are having a problem in setting up a new VOIP service on our LAN. We need to configure a SIP Trunk out in addition to various other VOIP services that are running on the same system already. We have gone through your tutorial and it seems like the VOIP service that we are trying to configure has a problem with the firewall and we cannot hear the called party even though the Voice Packets reach the destination and the service provider can hear the called party, but we cannot. This is very frustrating and equivalently embarrassing.
We have explained in details the set up on our LAN for your information and look forward to hear from you in return ASAP.
1. LAN A is NATed behind the GATEWAY-A (Security Gateway v.7.508) and through the secure tunnel to GATEWAY-B (Security Gateway v.7.508) and then through the internet to the service provider.
LAN A>>>>|Gateway A>>>>>>> (secure tunnel)>>>>>Gateway B|>>>Internet
2. A SIP PBX-SwitchVox SMB 4.6 is configured on LAN A and is already configured to work with various SIP accounts with various providers, however when trying to set up a SIP trunk out the firewall drops the calls.
3. The SIP Proxy on Gateway A is inactive.
4. The Security Gateway B is configured as below:
a. Definitions:
i. Networks:
1. Network definitions for all service providers have been defined. Some as Hosts, some as Network Group, according to the information provided by the service providers. Some that require their NAT to be also defined have also been defined.
2. In addition a Host name for the SwitchVox has been defined
ii. Services:
For different VOIP providers and their different services, the UDP ports have been defined.
a. SIP Trunk Out:
UDP 5036 1:65535
UDP 4569 1:65535
UDP 2727 1:65535
UDP 10000-20000 1:65535
TCP/UDP 5060 1:65535
TCP 5061 1:65535
TCP/UDP 5082 1:65535
UDP 3478 1:65535
TCP/UDP 5004 1:65535
b. Other VOIP Providers:
TCP/UDP 5060 1:65535
TCP/UDP 5082 1:65535
UDP 3478 1:65535
TCP/UDP 5004 1:65535
b. NAT Masquerading is defined for the LAN
c. Packet Filter Rules were defined and activated allowing the SIP Trunk packets and giving them Top Priority in and out.
d. VOIP Security –SIP:
i. SIP Network:
1. SIP Trunk Networks (including all server IPs given by the provider to expect traffic from)
2. Other VOIP Providers SIP Server IPs
3. Internal Network
4. Switchvox SMB 4.6
ii. SIP Client:
1. SwitchVox SMB 4.6
2. Internal Network
We have made various tests, by adding all "SIP Server networks" to the SIP Client Networks and in some occasions like the configuration described above, before resetting the Gateway, both the SIP Trunk Out and the other VOIP Providers work without any problem, but as soon as they reset the gateway, the problem returns. The other VOIP providers work, but the SIP Trunk Out does not.
When the SIP Proxy is disabled, the SIP Trunk works but other VOIP Providers will not.
Can anyone help please?
This thread was automatically locked due to age.