
Strange intermittent video conferencing after implementing Palo Alto firewall

AHotovy
Level 1

Hoping someone has some ideas for me as I've run out of my own.

We implemented our Palo Alto firewall at our HQ in May of this year. Ever since implementation we have been having very strange issues with our video conferences where connecting to a video conference can take multiple tries and will exhibit some of the following:

* Call connects, but there is no video and no audio

* Call connects and there is audio but no video
* Call rings multiple times and eventually disconnects

* Call rings once and immediately disconnects

* Call connects, audio and video work

It never works on the first try when connecting to outside endpoints, and sometimes it will take 4 or 5 tries to get a complete connection to an endpoint.

 

This seems to work perfectly fine with completely internal video conferencing that does not traverse the PA, so I'm sure I've configured something incorrectly but am at a loss as to what to do now.

 

Here are our devices:

Room1 (10.0.1.10) (Tandberg C40)

VCS-C (10.0.1.200) (X8.2)

VCS-E (10.0.1.20 and NAT Outside IP) (X7.2.2)

 

On the Palo I have the following policies:

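| Name | Source Zone | Source Address | Source User | Source HIP Profile | Destination Zone | Destination Address | Application | Service | Action |
|---|---|---|---|---|---|---|---|---|---|
| VCSExpressway | untrust | any | any | any | untrust | VCSExpressway-NAT | any | any | Allow |
| VCSExpressway-2 | trust | any | any | any | DMZ;untrust | VCSExpressway;VCSExpressway-NAT | any | any | Allow |
| VCSExpressway-1 | DMZ | VCSExpressway | any | any | trust | any | any | any | Allow |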

 

As you can see based on the policies, our entire setup is basically wide open at the moment, with everything allowed both ways. I'd obviously like to not leave it this way, but we are still trying to figure out what's going on.

 

We never see any denies or dropped traffic for any leg of the conference, and for traffic there's no difference in logs I've been able to see.

 

Completely at a loss as to what could be going on. If any more information is needed let me know. Have yet to open either a TAC case or a case with PA.

1 Accepted Solution

PJMack
Level 7

My guess is your firewall has H.323 and/or SIP awareness turned on (aka H.323 or SIP inspection). These features can cause Expressway to fail; they need to be turned off.

 

Here's one article I found on how to turn it off on a PA firewall - don't know if this will work for you, but it's likely this is your problem, so if this doesn't work I'd work with your PA guys to figure this out. 

 

https://knowledgebase-iframe.polycom.com/kb/viewContent.do;jsessionid=FE5FBDC44290BC2E6334856A122D4C73?externalId=29437

 

You can open a ticket with TAC, but based on your description this worked fine until you installed this firewall, it's likely not a Cisco problem, so TAC may or may not be able to help you. 


2 Replies 2

This was actually the issue! I had already disabled ALG on SIP, but hadn't even considered inspection on the traffic maybe causing problems. Created an application override and like magic it's working perfectly again, no more weirdness!

 

Thanks for your help!