SIP Polycom Video Conference Drops

Created On 09/25/18 17:51 PM - Last Modified 06/07/23 07:21 AM



The SIP traffic gets dropped after a two hour session and needs to be reconnected. At the two hour mark, the keep-alive packets are dropped for TCP port 5060.



If the firewall does not see traffic on an established session, it will continue to downcount the session Time-To-Live (TTL). When the TTL expires, the session is cleared on the firewall which causes the connection to terminate.



Increasing the timeout value of that custom application will enable the Polycom conference calls to maintain their session uninterrupted for longer periods of time. Perform the following steps to increase the timeout value of the custom application:

  1. Go to Objects > Applications and click Add > Configuration to create a custom application for TCP port 5060

  2. In the Advanced tab, configure the Timeout values for that custom application only to 604800.

  3. Go to Policies > Security to allow the custom application:

    Note: Custom applications take precedence over predefined applications (including new applications released in content updates) for matching traffic types when the traffic matches both a custom and local pattern. This is also true for VSYS specific custom applications (applications defined for individual VSYS).


owner: kadak

