Since Sept 2013 we are experiencing dropped VC (IP - H323) calls after 13m13sec (793 sec). We have 2 VC units (HDX 7000 HD - Release - 3.1.2-35267) in different physical sites and both have the same issue.
We have tested both units connecting to test sites and VC call gets dropped after 13m 13sec. We have increased the timeouts on all out firewalls with no luck and now need some assistance.
Anybody have experienced this before?
VJ, there is a Maximum Time In Call setting (under the System Settings section). The default is 480 minutes.
Network Security Devices such as Firewalls or Routers with security policies, are typically configured to close TCP and UDP Ports which are no longer in use or have become idle. This is done to free up port availability for other sessions as well as to protect the internal network from malicious attacks through open sockets.
H.323 devices (Endpoints, Gatekeepers and MCUs) use signaling defined by ITU-T H.225 to establish, maintain and disconnect H.323 calls. The initial signaling is done through TCP Port 1720. Once the call is established however, this port is typically not needed again until the call is disconnected. The TCP Port 1720 is considered to be open and active for the duration of the call by H.323 devices. However, since there is no data flowing through this port during the call, it can be seen as idle by network devices configured to monitor for idle ports. These idle ports can be closed by a network device that is unaware of the H.323 call state. These unaware devices are lacking an Application Layer Gateway (ALG) which is designed to understand H.323 call flow. There may also be configurations within the network device where idle ports are closed regardless if there is an H.323 ALG, to accommodate global security settings.
To help avoid premature port closure, many H.323 devices will periodically send a TCP Keep-Alive on TCP Port 1720.. The goal is to maintain an active port state through a network device configured for port timeout. The TCP Keep-Alive procedure used by most Polycom H.323 Devices is per RFC 1122. The default time of this keep-alive packet has historically been set for 2 hours to satisfy the interpretation of TCP port timeout in RFC-1122. However, many network devices use a default port timeout value that is much less than 2 hours (typically 30 minutes).
Default Keep-Alive Values:
HDX versions prior to and including v3.0.0 - Default 7200 seconds (2 hours)
HDX version 3.0.1 and later – Default 1800 seconds (30 minutes)
We have one HDX 7000 and one HDX 6000 in the same location, behind the same firewall.
Their versions are same; 3.1.3 we have upgraded them with the same update pup file. The older versions were 3.0.5. There was no such a problem before.
The hdx 6000 works good, but the hdx7000 drops after 13 minutes.
We have changed 7000's ip address to 6000's, to check the firewall rules etc.; the hdx 7000 drops with the hdx 6000's address also.
With internal IP address they can connect forever.
Can hdx 7000 behave differently than hdx 6000 with the same version?
Did you ever get a solution for this issue. We have very similar issue where we have the 793 second timout.
As soon as we upgraded to OS 220.127.116.11132 from 18.104.22.168.5205 (in April 2014). We started getting consistent complaints.
It affected all 12/12 of our devices that had up to that point worked perfectly fine on 22.214.171.124.5205... So I have reverted back to 126.96.36.199.52.5 which again work perfectly fine.
I have read in various places that Polycom have changed the Keep-alive in the code (Which we can't change) and that is inferred this is possibly the issue that has cause this problem... but your guess is as good as mine...
Our keep alive is 480 mins and we have ALG settings correct.
Any feedback from anyone is appreciated.
I'm not sure if this will help anyone however I thought I'd share some good news / work around :)
After having suffered this 793 second timeout for a long time and having to downgrade to 2.5 to avoid it I think I have found the solution.
I believe it is an issue actually with SIP and not H323.
You may want to try the following
Stage 1) Check your Polycom HDX 7000 Call settings.
Login via gui.
Diagnostics>Tools >Sitemap> Network> Call Preferences> UNCHECK SIP ( I just have H239 and H323 checked and prefferedspeed both 1920)
If this doesn't cure it straight then you may have to unset SIP ALG on your firewall.
Be carefull and be sure you want to do this as you may need it for other applications.
If on a juniper
Security>ALG> UNCHECK SIP > Apply.
Start a call on your Polycom. If you are like me thenit just works.... thank goodness.
All the best. I hope this helps or cures your situation.