I have a CME in my central site connected directly to a Check Point firewall with an internet connection. I have a remote site with IP Phones trying to register to the CME using an L2L VPN between sites.
I had a WatchGuard firewall before and I was having the same problems: the IP Phones register and then they reset several times a day. I don't know if there's a parameter or timeout that needs to be changed in order for the phones to work correctly.
Anybody with the same problem?
Phones unregister if either the SCCP or the TCP keepalive times out for the IP Phone. Obviously, packets are either being lost, blocked or delayed when the firewall is in the picture. For a permanent fix you might want to work on the firewall and take packet captures from the phone, firewall and CME.
Any time the phone sends a TCP packet to the CME and does not receive a TCP ACK, the phone will retransmit the packet at decreasing intervals until the session is timed out (phone sends TCP RST), and at that point the phone will unregister.
The SCCP keepalives are sent at regular intervals, based on a value presented to the phone during registration (30 seconds by default). If the phone gets a TCP ACK for the keepalive, but no SCCP keepaliveAck from the CME, then you can get into the situation where the phone unregisters due to keepalive timeout (after 2 or 3 such missed keepaliveAcks).
So a phone can unregister because of either a TCP timeout or an SCCP timeout. You cannot control the TCP timers, but you can change the SCCP timeout.
Under telephony-service, increase the SCCP timeout from the default of 30 seconds to something more.
If the phone is getting unregistered due to a TCP timeout, then you need to fix the issue with the firewall first. The above will only increase the SCCP keepalive timer.
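
The following sketch is an added example, not part of the original thread: it applies the two failure modes described above to capture records to tell a TCP timeout from an SCCP keepalive timeout. The record format `(src, rst, tcp_acked, payload)`, the sample captures and the result labels are assumptions made for illustration; the SCCP header layout and the KeepAlive/KeepAliveAck message IDs are the standard ones.

```python
import struct

SCCP_KEEPALIVE = 0x0000      # KeepAliveMessage, phone -> CME
SCCP_KEEPALIVE_ACK = 0x0100  # KeepAliveAckMessage, CME -> phone

def sccp_msg(msg_id: int) -> bytes:
    """Build a bodyless SCCP message: LE length, reserved, message ID."""
    return struct.pack("<III", 4, 0, msg_id)

def sccp_message_id(payload: bytes):
    """Return the SCCP message ID, or None when there is no full header."""
    if len(payload) < 12:
        return None
    return struct.unpack_from("<III", payload)[2]

def classify(segments, missed_limit=3):
    """Classify why a phone dropped, from capture-order records.

    Each record (hypothetical format) is (src, rst, tcp_acked, payload):
    src is "phone" or "cme", rst marks a TCP RST, tcp_acked says whether
    the peer's TCP ACK for this segment appears in the capture.
    """
    missed = 0             # keepalives TCP-acked but not SCCP-acked
    last_unacked = False   # most recent phone data segment got no TCP ACK
    for src, rst, tcp_acked, payload in segments:
        msg = sccp_message_id(payload)
        if src == "phone" and rst:
            return "tcp-timeout" if last_unacked else "reset-other-cause"
        if src == "phone" and payload:
            last_unacked = not tcp_acked
            if msg == SCCP_KEEPALIVE and tcp_acked:
                missed += 1
                if missed >= missed_limit:
                    return "sccp-keepalive-timeout"
        elif src == "cme" and msg == SCCP_KEEPALIVE_ACK:
            missed = 0
    return "no-timeout-seen"

KA, KA_ACK = sccp_msg(SCCP_KEEPALIVE), sccp_msg(SCCP_KEEPALIVE_ACK)

# Constructed captures, not taken from a real network.
HEALTHY = [("phone", False, True, KA), ("cme", False, True, KA_ACK)] * 3
# Firewall passes TCP but the KeepAliveAck never reaches the phone.
SCCP_LOSS = [("phone", False, True, KA)] * 3
# Keepalive and its retransmissions are never acknowledged, then RST.
TCP_LOSS = [("phone", False, False, KA)] * 4 + [("phone", True, False, b"")]

if __name__ == "__main__":
    for name, cap in (("healthy", HEALTHY), ("sccp", SCCP_LOSS), ("tcp", TCP_LOSS)):
        print(name, classify(cap))
```

A "tcp-timeout" result points at the firewall or VPN path; "sccp-keepalive-timeout" is the case the telephony-service timer change addresses.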