ScreenOS Firewalls (NOT SRX)
Reply
Visitor
tape
Posts: 2
Registered: ‎09-03-2010
0

SSG5 - Enable HD Video Softphone for Incoming Calls

Hi,

 

I am trying to get this HD video softphone working behind a SSG5 router, however I can only make calls to another H.323 device but not vice versa. I have already enabled the ports specified by the software through policies, and have port forwarded them to the client with the HD video softphone.

 

The steps I did were taken from http://www.howtonetworking.com/Routers/ssgportforward0.htm which involved:
- creating a custom object
- creating a policy
- creating a virtual IP

 

Does anyone know if I am missing any steps or configurations to enable incoming calls through the firewall?

 

Thanks.

 

Distinguished Expert
firewall72
Posts: 825
Registered: ‎05-04-2008
0

Re: SSG5 - Enable HD Video Softphone for Incoming Calls

Hi,

 

I would try two things.  First, trying disiable the H323 ALG using "unset alg h323".  If that doesn't work, try debugging the traffic to/from the device with a flow filter.  I would check for "denied", "packet dropped" and incorrect NAT in the output.

 

set ff src-ip x.x.x.x

set dst-ip x.x.x.x

debug flow basic

clear db

<test by making a call>

undebug all

get db str

 

x.x.x.x = your device making the call

 

-John

John Judge
JNCIS-SEC, JNCIS-ENT,

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Visitor
tape
Posts: 2
Registered: ‎09-03-2010
0

Re: SSG5 - Enable HD Video Softphone for Incoming Calls

I did the first suggestion and disabled the H.323 ALG, however it effected our outgoing calls because we would lose both video and audio but can still establish a connection.

 

Secondly I tried adding the flow filter but no output was made when I tried to make an incoming call from outside our network. It seems like the incoming calls doesn't make it through the firewall even though I have set the policies and port forwarded the ports (w/ multi-vip) to the end-point.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.