D-Link DFL-2500 User Manual
Page 153
VOIP see also Section 6.2.8, “H.323”.)
SIP Components
The following components are the logical building blocks for SIP communication:
User Agents
These are the end points or "peers" that are involved in the peer-to-peer
communication. These would typically be the workstation or device used in an
IP telephony conversation. The word peer will often be used in this section in
this context.
Proxy Servers
These act as routers in the SIP protocol, performing both as peer and server
when receiving peer requests. They forward requests to a peer's current
location as well as authenticating and authorizing access to services. They also
implement provider call-routing policies.
The proxy is typically located on the unprotected side of the D-Link Firewall
and this is the proxy location supported by the NetDefendOS SIP ALG.
Registrars
A server that handles SIP REGISTER requests is given the special name of
Registrar. The Registrar server has the task of locating the host where the
other peer is reachable.
The Registrar and Proxy Server are logical entities and my in fact reside in the
same physical server.
SIP Media-related Protocols
SIP sessions make use of a number of sub-protocols:
SDP
Session Description Protocol (RFC4566) is used for media session initialization.
RTP
Real-time Transport Protocol (RFC3550) is used as the underlying packet format for
delivering audio and video streaming via IP using the UDP protocol.
RTCP
Real-time Control Protocol (RFC3550) is used in conjunction with RTP to provide
out-of-band control flow management.
SIP Usage Scenarios
The NetDefendOS SIP ALG supports the following usage scenarios:
1. Internal to External
The SIP session is between a peer on the protected side of a
D-Link Firewall and a peer which is on the external,
unprotected side. Communication typically takes place across
the public Internet.
2. Same Network
A refinement of the internal to internal scenario is the case
where the two peers in a session reside on the same network.
In all these three scenarios the proxy server is assumed to be on the unprotected side of the D-Link
Firewall.
SIP Configuration Options
The following options can be configured for a SIP ALG object:
6.2.7. SIP
Chapter 6. Security Mechanisms
153