Thursday, February 23, 2012

Check Point Blocking H323 Traffic (Part 2) - Explained

Hi all.  Today I wanted to go back to my first post that I put on this site:  http://www.shanekillen.com/2011/11/check-point-blocking-h323-traffic.html
I had stated a problem and solution, but I didn't really know why the solution was what it was.  Well, I happen to have a pretty good SE in my area now (one I actually have confidence in), and he explained to me why I had the problem that I had.  Below is what he wrote to me, and I thought I'd put this out there for anyone interested.  Here is his explanation, which I happen to think is a very good one.  
Quote:
I can tell you why this worked. Most likely, the H.323 service was not defined as a "Match for Any" service. When you said you had a rule allowing "ANY" traffic, it's not really allowing *everything*. It's allowing a class of services that are allowed to "Match Any".
So if you go to the Service properties for H.323 in R75.20 you'll see that the Match for Any is selected. This means it will match the "Any" service designation. I'm betting in your case it wasn't selected.
There is a reason Check Point does this and it has to do with its protocol inspection.
  End Quote.

Well, he was right on this.  I didn't have that service as a "Match Any".  

4 comments:

  1. Thanks a lot, it is working now, I modified H323_any service!

  2. I have done this change, but still it doesn't work for me. Any ideas?

    Replies
    1. Not sure right off. What version are you running? Also, make sure you push policy. I know you did, I'm sure, just saying it out loud. :)

    2. Try changing the protocol type to None. In our case it works.

