17 Jun
2008
17 Jun
'08
2:46 p.m.
as i understand from checkpoint they have some kind of SIP table that
saves the clients call ID, source IP, source Port, destination IP and Port.
they checking to see if it's a SIP message form the client and saving it
in the table.
and In order to answer the client i have to reply only to port 5060
because they are not allowing any other ports through the FW.
David.
Jan Andres wrote:
On Tue, Jun 17, 2008 at 05:31:46PM +0300, David
Lubarski wrote:
but i need to response to port 5060 and not the
source port , i'm not
using rport, i also talk to CheckPoint service and they claim that they
are working according RFC 3261, and that my SER server should reply to
port 5060
SER replies to the address and port found in the topmost Via header of
the request. This is exactly what is required by RFC 3261. As there
is no NAT involved in this case, this is definitely the correct
behaviour.
If SER just sent the reply to port 5060 the client wouldn't know what to
do with it as it is expecting a reply on the port from which it sent its
request. (It _is_ possible to configure it this way, but as said this
wouldn't buy you much.)
Maybe Checkpoint service is trying to tell you that you should configure
your _client_ to use 5060 as its source port. This, too, is in no way
required by RFC 3261 but maybe it is required by Checkpoint's interpretation
of it. I'm not a Checkpoint expert.
Just my $0.02...
Regards,
Jan