SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  RTP traffic over packet-mode leads to phone service blanking

    Posted 02-25-2023 09:06

    Hi everyone,

        I'm working on optimizing our hosted voice service performance at our SRX. The hosted voice service vendor provided ip blocks corresponding to SIP-UDP, SIP-TCP and RTP-UDP traffic; I've configured CoS for all three.

    Next i've setting UDP traffic to be processed over packet-mode. Placing RTP-UDP traffic over packet mode causes the call to loose all sound, calls can still be placed and after answered there is no sound.

    Any ideas as to what may be causing voice service to go blank after enabling packet-mode for RTP-UDP traffic?

    Thanks!



    ------------------------------
    AMILCAR MARTINEZ
    ------------------------------


  • 2.  RE: RTP traffic over packet-mode leads to phone service blanking

    Posted 02-26-2023 20:06

    Could you share what configuration you changed?

    I'm only familiar with packet mode being a global setting and not per protocol.  Typically for voice protocols like this in flow mode we would be turning on ALG per policy for the affected traffic protocols.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: RTP traffic over packet-mode leads to phone service blanking

    Posted 03-01-2023 11:25

    I've enabled packet mode through an input firewall filter (not a security policy) at both inside and outside interfaces. At the interfaces, if traffic matches the desired UDP traffic, i set packet mode at the then clause.

    This is the firewall filter term used for SIP UDP traffic, if i do the same for RTP UDP the phone is completely silent during a call:

    from {
        source-address {
            X.X.53.174/32;
            X.X.20.174/32;
        }
        protocol udp;
    }
    then {
        packet-mode;
        forwarding-class expedited-forwarding;
    }

    We previously tried enabling SIP ALG, and we had security policies allowing traffic from the vendor specified IP addresses and ports, but performance didn't improve. We did not, however, enable SIP ALG through the security policy i assumed that once it was enabled globally it would due it's magic in the background. How would i enable ALG (i assume it would be SIP) at the security policy?



    ------------------------------
    AMILCAR MARTINEZ
    ------------------------------



  • 4.  RE: RTP traffic over packet-mode leads to phone service blanking

    Posted 03-10-2023 05:06

    In addition to the ALG being enabled on the SRX the policy must be written to have the ALG matching application as the allowed traffic.  Only when the policy is hit with a matching application with the ALG then kick in to allow the application specific behavior.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------