SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Regular Visitor
Posts: 8
Registered: ‎08-17-2016
0 Kudos

SRX240 in flow mode and SIP ALG issue

HI,

we are using a couple of SRX240 to route between sites and on each site we have some SIP applications running.

With the SIP ALG enabled we were noticing that packets were being dropped.

So after some googling I came to the conclusion to disable the SIP ALG entirely.

After this, these call flows were successful.

The only problem then, was that SIP "OPTIONS" were being dropped by the SRX and was not being routed further to its destination. I verfied this by doign some traceoptions on the SRXs.

Basicly I don't want the SRX to do anything with SIP, it just need to route the packet to it's destination.

 

For now, I workaround to get SIP OPTIONS working again, was to enable SIP ALG globally, and disable it per policy based on the source and destination IPs of the SIP call flows.

 

But we are still noticing some packet drops. and some SIP ALG errors in the messages log file.

My question is if there is any way while disabling SIP ALG globally will still keep SIP OPTIONS working?

Is this a bug in the software perhaps. I could not find anything in the release notes.

On one side we have a srx with 12.1X46-D15.3 and the other side with 12.3X48-D35.7.

 

Any help would be greatly appreciated.

Highlighted
Distinguished Expert
Posts: 1,861
Registered: ‎06-06-2011
0 Kudos

Re: SRX240 in flow mode and SIP ALG issue

Are you using STUN (client/server)? Consider user persistent NAT.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Distinguished Expert
Posts: 1,083
Registered: ‎08-29-2013
0 Kudos

Re: SRX240 in flow mode and SIP ALG issue

I would recommend you run sip traces and see if there is any specific errors reported ,

 

set security alg sip traceoptions flag all
set security traceoptions file SIP-traces
set security traceoptions file size 7m
set security traceoptions file files 2

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too