Screen OS

Hi!

Is it possible to send video traffic over the SIP ALG?

Someone hinted that my predecessor already tried getting video over SIP to work but our firewalls were not able to handle it at the time.

I only recently started working with ScreenOS firewalls (SSG320M) thus I am pretty inexperienced and I do not know if there have been any changes since.

Is it possible?

If so - how does it have to be configured? 

Thanks in advance!

Regards 

  Lasdorf

Hi,

If you call SIP service in the security policy then It will already have the SIP ALG:

-> get service sip
Name:       SIP
Category:   other          ID:  0   Flag:  Pre-defined   Session-cache:   Disabled
Transport    Src port     Dst port   ICMPtype,code  Timeout(min|10sec*) Application
udp           0/65535    5060/5060                         1         SIP
tcp           0/65535    5060/5060                        30         SIP

--> get alg    and check if SIP alg is enabled.

Depending on the ports in the SIP INVITE the firewall will be opening the dynamic ports, NAT gate etc.  Is your video part of the SIP call ? Any NAT involved?

May be be you check in the debugs where it's failing : https://kb.juniper.net/InfoCenter/index?page=content&id=KB22365

Other docs for the reference : https://kb.juniper.net/InfoCenter/index?page=content&id=KB9093 , https://kb.juniper.net/InfoCenter/index?page=content&id=KB7407&act=login

If it still doesn't work please let us know the complete call flow and where exactly it's failing.

Thanks,

Vikas