Anybody have any DECT R4 go down today? Checkpoint...?

[kyle555]

Had a customer with DECTR4 at a few different sites using a H323 trunk to CM. Don't know why, but it uses port 5120. The Checkpoint firewall downloads its automagic hotfixes from the internet last night and today decided that plain unencrypted h323 trunk traffic on port 5120 was actually old SSLv3 that must be blocked and stopped.

I'm more curious than anything... Has anyone ever seen a firewall update itself and get new definitions/signatures of naughty stuff for deep packet inspection and just had it arbitrarily knock out VOIP?

 

[holdmusic34]

yeah. sometimes carrier routers do this too and there's a scramble to identify and then upgrade the CPE (better than dealer with the drones at the call centre for the carrier).
If you dig deeper you'll probably find that the update is related to a security vulnerability that has been addressed to comply with an RFC standard.

Depending on the URI configuration the ICR can be completely ignored.

If your URI is configured to use internal data then the IP Office will look into the user's SIP tab and if you have *'s it will look into ICR.

A madman with a taste for speed.