09-03-2010 01:12 PM
I am trying to get this HD video softphone working behind a SSG5 router, however I can only make calls to another H.323 device but not vice versa. I have already enabled the ports specified by the software through policies, and have port forwarded them to the client with the HD video softphone.
The steps I did were taken from http://www.howtonetworking.com/Routers/ssgportforward0.htm which involved:
- creating a custom object
- creating a policy
- creating a virtual IP
Does anyone know if I am missing any steps or configurations to enable incoming calls through the firewall?
09-06-2010 08:40 PM
I would try two things. First, trying disiable the H323 ALG using "unset alg h323". If that doesn't work, try debugging the traffic to/from the device with a flow filter. I would check for "denied", "packet dropped" and incorrect NAT in the output.
set ff src-ip x.x.x.x
set dst-ip x.x.x.x
debug flow basic
<test by making a call>
get db str
x.x.x.x = your device making the call
If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
09-08-2010 07:35 AM
I did the first suggestion and disabled the H.323 ALG, however it effected our outgoing calls because we would lose both video and audio but can still establish a connection.
Secondly I tried adding the flow filter but no output was made when I tried to make an incoming call from outside our network. It seems like the incoming calls doesn't make it through the firewall even though I have set the policies and port forwarded the ports (w/ multi-vip) to the end-point.