ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
tape
Visitor
tape
Posts: 2
Registered: ‎09-03-2010
0

SSG5 - Enable HD Video Softphone for Incoming Calls

Options

‎09-03-2010 01:12 PM

Hi,

 

I am trying to get this HD video softphone working behind a SSG5 router, however I can only make calls to another H.323 device but not vice versa. I have already enabled the ports specified by the software through policies, and have port forwarded them to the client with the HD video softphone.

 

The steps I did were taken from http://www.howtonetworking.com/Routers/ssgportforward0.htm which involved:
- creating a custom object
- creating a policy
- creating a virtual IP

 

Does anyone know if I am missing any steps or configurations to enable incoming calls through the firewall?

 

Thanks.

 

Message 1 of 3 (4,195 Views)
 
Reply
Trusted Expert
Trusted Expert
firewall72
Posts: 781
Registered: ‎05-04-2008
0

Re: SSG5 - Enable HD Video Softphone for Incoming Calls

Options

‎09-06-2010 08:40 PM

Hi,

 

I would try two things.  First, trying disiable the H323 ALG using "unset alg h323".  If that doesn't work, try debugging the traffic to/from the device with a flow filter.  I would check for "denied", "packet dropped" and incorrect NAT in the output.

 

set ff src-ip x.x.x.x

set dst-ip x.x.x.x

debug flow basic

clear db

<test by making a call>

undebug all

get db str

 

x.x.x.x = your device making the call

 

-John

John Judge
JNCIS-SEC, JNCIS-ENT, JNCIA-IDP, JNCIA-JUNOS

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Message 2 of 3 (4,140 Views)
 
Reply
tape
Visitor
tape
Posts: 2
Registered: ‎09-03-2010
0

Re: SSG5 - Enable HD Video Softphone for Incoming Calls

Options

‎09-08-2010 07:35 AM

I did the first suggestion and disabled the H.323 ALG, however it effected our outgoing calls because we would lose both video and audio but can still establish a connection.

 

Secondly I tried adding the flow filter but no output was made when I tried to make an incoming call from outside our network. It seems like the incoming calls doesn't make it through the firewall even though I have set the policies and port forwarded the ports (w/ multi-vip) to the end-point.

Message 3 of 3 (4,097 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.