[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT state not deleted after IP change (DHCP)



Hi,
>
> Try 'set optimization aggressive' which removes state entries quicker.
That does not resolve the problem. I investigated some more effort:
The SIP-Phone sends every 25s (default) a keep alive message to the SIP-Proxy 
to remain the state on the NAT'ed Firewall. So I have to lower the 
udp.timeout to be less than 25s to get rid of the state, which results that 
the SIP-Phone has to register against the SIP-Proxy every 25 seconds?!
Other Firewall products like Zyxel's, and other cheap/simple stuff can handle 
the setup.
So in my opinion, PF has to empty the state table if the public IP changes! 
Not true? Where or how can I contact the "makers" of PF to file in my 
request.
Regards,
Cyrill