Hi JPSEC,
- First thing to do on such cases related to Softphones/VOIP Phones
- Be on Juniper recommended Junos version First
- Disable ALG if they are NAT'ed
- If you have test devices ( with Source and Destination IP),you can also see the packets with the flow traceoptions as well
https://kb.juniper.net/InfoCenter/index?page=content&id=KB32586&cat=SRX_3600&actp=LIST
In order for you to clearly capture,please configure on your machine the below configuration
set security flow traceoptions file voip-trace
set security flow traceoptions file size 10m
set security flow traceoptions file files 5
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter outgoing-audio protocol udp
set security flow traceoptions packet-filter outgoing-audio source-prefix x.x.x.x
set security flow traceoptions packet-filter outgoing-audio destination-prefix y.y.y.y
set security flow traceoptions packet-filter incoming-audio protocol udp
set security flow traceoptions packet-filter incoming-audio source-prefix y.y.y.y
set security flow traceoptions packet-filter incoming-audio destination-prefix x.x.x.x
commit
- Either check it on the SRX itself
show log voip-trace
See if there is any drops
*** FYI This flow traceoptions might consume your CPU if you leave them on so you need to deactivate it once you captured the packet(The above KB link will help on how to do that)
Thanks,
Sintayehu Garedew