Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] [ScreenOS] H.323/VoIP Traffic Not Passing Through the Firewall

0

0

Article ID: KB4472 KB Last Updated: 18 Jun 2010Version: 5.0
Summary:
H.323/VoIP Traffic Not Passing Through the Firewall
Symptoms:

Solution:
noteThis article applies to ScreenOS 4.0 and above.

If an H.323 VoIP connection is open for a short time, and then suddenly disconnects, it could be an issue with the H.323 implementation that is being used by the VoIP application.

To verify that this is an issue with the H.323 implementation, perform the following steps:

Open the Command Line Interface (CLI). For more information, go to Accessing the Command Line Interface Using Telnet.

From the CLI, enter the following command; press ENTER.
debug h323 all

In the resulting output, look for a message that states 'Unknown H.323 Packet Type'. This indicates the client H.323 implementation that is not fully supported by your NetScreen device. You will want to disable the ALG function for H.323. This will still process H.323 traffic securely, but will not process the ALG re-assembly.

## 16:16:49 : Q931 - User Info - Not implemented
## 16:16:49 : Q931 - Notify - Not implemented
## 16:16:52 : Q931 - User Info - Not implemented
## 16:16:52 : Q931 - Notify - Not implemented
## 16:16:56 : Q931 - User Info - Not implemented
## 16:16:56 : Q931 - Notify - Not implemented
## 16:17:00 : Error!!! - Unknown H.323 Packet Type(0x28), uLength(0), uLenLen(1), BufLen(42)
## 16:17:00 : Invalid IE - type(0x0), len(8), pack(50), hdr(0), data(0)
## 16:17:00 : Error - Invalid packet - dropped.
## 16:17:00 : Error - Cannot process packet.
## 16:17:27 : Q931 cookie id 125

To configure a workaround for this issue, open the WebUI. For more information on accessing the WebUI, go to Accessing Your NetScreen Using the WebUI.

From the NetScreen options menu, click Policies.

Image of step four

From the VoIP policy, click Edit.

Image of step five

From the Application drop-down menu, click to select Ignore.

Image of step six

Click OK.

Image of step seven



Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search