Support Center > Search Results > SecureKnowledge Details
Early NAT is applied to SIP / MGCP traffic without any rules for such traffic Technical Level
Symptoms
  • Early NAT is applied to SIP / MGCP traffic without any rules for such traffic (there are no rules that contain these services).

  • Kernel debug ('fw ctl debug -m fw + mgcp') may show that Early NAT is performed on MGCP traffic, but then there is no line 'mgcp_standard_hide_nat is on, not doing undo early NAT'.
Cause

In certain situations, primarily unsupported configurations, users may attempt to bypass inspection by setting the "Protocol Type" in the MGCP service's "Advanced Properties" to "None".

Example:
Someone attempts to NAT the MGCP call agent, finding out it does not work (unsupported configuration), then trying to bypass the MGCP inspection, by setting the Protocol Type to 'None'.

When policy compiles, even though the Protocol Type in the service is set to 'None', there may be other service definitions in the policy that end up compiling the policy to enforce a Protocol Type on the port, in all rules...


Solution
Note: To view this solution you need to Sign In .