[Asterisk-Users] Out of State

Kristian Kielhofner kris at krisk.org
Tue Dec 14 18:23:58 MST 2004


Norman Zhang wrote:
> Hi,
> 
> My firewall allows the first SIP packet out from * (running NAT), but 
> then it follows by dropping it saying "SIP Reason: SIP Validator: Out of 
> State." May I ask how can I solve this?
> 
> Regards,
> Norman Zhang

Norman,

	With not much to go on, I am guessing that you have some commercial 
firewall product - i.e. Checkpoint or something that actually has a 
module called "SIP validator".  Honestly, your best bet is to turn that 
feature off and utilize more conventional port-based protection.

	I once was helping some people in a very large organization (on behalf 
of another client) that dropped some obscene amount of money on some 
Checkpoint product that had a broken FTP protocol module.  Like a lot of 
these things, it assumes that it is smarter than you are (like Windows) 
and tries to use canned rules for everything application out there. 
They turned it off and things started working the way they were supposed 
to.  I would look for a SIP module or "application" on your firewall, 
disable it and try again.

	Also, a little more information never hurts (but I was glad to rant 
about Checkpoint for a while)!

--
Kristian Kielhofner




More information about the asterisk-users mailing list