VOIP Traffic is Being Dropped

VOIP Traffic is Being Dropped

Created On 09/26/18 13:49 PM - Last Updated 02/07/19 23:46 PM



Topology:  Call Manager------PAN------VoIP

Following an upgrade, the Call Manager is trying to send RST packets to the VoIP phones to re-initiate the connections. The firewall is not aware of the existing sessions and is dropping all the RST Packets.


The RST packets are being dropped on the Palo Alto Networks firewall as they are identified as "out-of-order", by the global counters.

To bypass the asymmetric path causing the RST drops, use the following command:

> configure
# set deviceconfig setting tcp asymmetric-path bypass
# Commit

A more detailed bypass can be configured with this command:

# set deviceconfig setting tcp asymmetric-path bypass

+ bypass-exceed-oo-queue   whether to skip inspection of session if out-of-order packets limit is exceeded

+ check-timestamp-option   whether to drop packets with invalid timestamp option

+ favor-new-seg            whether to favor new segments when overlapping happens

+ urgent-data              clear urgent flag in TCP header

owner:  kalavi

  • Print
  • Copy Link


Choose Language