SRX Services Gateway
SRX Services Gateway

Junos upgrade path and ALG problems

10.12.17   |  
a week ago

Hi,

 

We use Polycom video conferencing. We have a video conferencing unit at the edge site behind an SRX-210 firewall running Junos 12.1X46-D40.2. This runs an ipsec VPN back to an SRX-210 firewall at the main site, which is running Junos 12.1X44-D15.5. There is no NAT.

 

I have tried turning the ALG's off at both ends and also tried with them on, but in both scenarios either the video call will not establish or there is missing audio or video. The rules are completely open at both ends and all other data traffic flows over the VPN ok.

 

My last option was the upgrade the firmware on the firewalls to the latest version, but I need a version where the ALG is working. Also, I cant seem to find any documentation on upgrade paths, so I need to know which interim updates I need to install, in order to get to the latest version of Junos where the ALG is fixed.

 

Thanks,

Mark

1 REPLY
Highlighted
SRX Services Gateway

Re: Junos upgrade path and ALG problems

10.12.17   |  
a week ago

Recommended Junos version depends on your SRX210 model:
SRX210B/H/BE/HE        Junos 12.1X46-D65
SRX210HE2        Junos 12.3X48-D40

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476

In both cases you can update directly to the latest recommended version.

Have you tried to explicitly add application junos-h323 to your security policies?

What does show security alg h323 counters show?

 

Regards, Wojtek