RTP or SIP traffic is Not Hitting The Expected NAT Policy

Created On 03/29/22 19:38 PM - Last Modified 06/05/23 21:18 PM


Symptom


  • Source NAT Policy is being used.
  • This NAT policy is modified to use a new Translated IP address.
  • RTP or SIP traffic continues to apply the previous NAT policy instead of the updated NAT Policy.


Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • Voice over IP is enabled with H.323, SIP, SCCP
  • ALG is enabled


Cause


The mapping in the appinfo2ip table uses the cached information instead of the new NAT policy.

Resolution


Clear the appinfo2ip table by running the following command:
  1. PAN-OS versions below 10.0.
> clear appinfo2ip
  2. PAN-OS versions 10.0 and above.
> debug dataplane appinfo clear
  3. New RTP traffic should now take the new NAT policy and create a new appinfo2ip mapping.

