SIP 流量被识别为 unknown-udp
4534
Created On 04/29/21 13:37 PM - Last Modified 07/03/25 04:43 AM
Symptom
- 传真呼叫失败时SIP流量被识别为 unknown-udp。
- 会话信息将 sip 流量显示为 unknown-udp
admin@Lab92-38-PA-VM> show session all
--------------------------------------------------------------------------------
ID Application State Type Flag Src[Sport]/Zone/Proto (translated IP[Port])
Vsys Dst[Dport]/Zone (translated IP[Port])
--------------------------------------------------------------------------------
6299 unknown-udp ACTIVE FLOW 172.16.100.10[5060]/vwire/17 (172.16.100.10[5060])
vsys1 192.168.100.50[5060]/vwire (192.168.100.50[5060])
admin@Lab92-38-PA-VM> show session id 6299
Session 6299
c2s flow:
source: 172.16.100.10 [vwire]
dst: 192.168.100.50
proto: 17
sport: 5060 dport: 5060
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
s2c flow:
source: 192.168.100.50 [vwire]
dst: 172.16.100.10
proto: 17
sport: 5060 dport: 5060
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
- 全球专柜确认App-ID正在认识到SIP作为未知 udp 的流量
admin@Lab92-38-PA-VM> show counter global filter packet-filter yes delta yes appid_proc 1 0 info appid pktproc The number of packets processed by Application identification appid_unknown_udp 1 0 info appid pktproc The number of unknown UDP applications after app engine
Environment
- PAN-OS 9.1.7
- 传真电话
- App-版本 8397-6642
Cause
SIP 流量被误识别,因为AppID功能无法识别SIP PRACK消息作为SIP数据包。
Resolution
更新至应用程序和威胁内容版本8410-6722或更高。