Norman Zhang wrote:
> Hi,
>
> My firewall allows the first SIP packet out from * (running NAT), but
> then it follows by dropping it saying "SIP Reason: SIP Validator: Out of
> State." May I ask how can I solve this?
>
> Regards,
> Norman Zhang
Norman,
With not much to go on, I am guessing that you have some commercial
firewall product - i.e. Checkpoint or something that actually has a
module called "SIP validator". Honestly, your best bet is to turn that
feature off and utilize more conventional port-based protection.
I once was helping some people in a very large organization (on behalf
of another client) that dropped some obscene amount of money on some
Checkpoint product that had a broken FTP protocol module. Like a lot of
these things, it assumes that it is smarter than you are (like Windows)
and tries to use canned rules for every application out there.
They turned it off and things started working the way they were supposed
to. I would look for a SIP module or "application" on your firewall,
disable it and try again.
Also, a little more information never hurts (but I was glad to rant
about Checkpoint for a while)!
--
Kristian Kielhofner