D-Link DFL-2500 User Manual
Page 154

Maximum Sessions per ID
The number of simultaneous sessions that a single peer can be
involved with is restricted by this value. The default number
is 5.
Maximum Registration Time
The maximum time for registration with a SIP Registrar. The
default value is 3600 seconds.
SIP Request-Response Timeout
The maximum time allowed for responses to SIP requests. A
timeout condition occurs after this wait. The default is 180
SIP Signal Timeout
The maximum time allowed for SIP sessions. The default
value is 43200 seconds.
Data Channel Timeout
The maximum time allowed for periods with no traffic in a
SIP session. A timeout condition occurs if this value is
exceeded. The default value is 120 seconds.
SIP Setup Summary
For setup we will assume a scenario where there is an office with VoIP users on a private internal
network and the network's topology will be hidden using NAT. This scenario is illustrated below.
The SIP proxy in the above diagram could alternatively be located remotely across the Internet. The
SIP proxy server should be configured with the feature Record-Route Enabled to ensure all SIP
traffic to and from the office peers will be sent through the SIP Proxy. This is recommended since
the attack surface is minimized by allowing only SIP signalling from the SIP Proxy to enter the
local network. The steps to follow are:

Note: SIP User Agents and SIP Proxies should not be configured to employ NAT Traversal
in a setup. For instance the Simple Traversal of UDP through NATs (STUN) technique
should not be used. The NetDefendOS SIP ALG will take care of all traversal issues
with NAT in a SIP setup.

• Define a SIP ALG object using the options described above.
• A Service object is used for the ALG which has the above SIP ALG associated with it. The
  Service should have:
    • Destination Port set to 5060
    • Type set to UDP
• Define two rules in the IP rule set:
6.2.7. SIP
Chapter 6. Security Mechanisms
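
An added example (not part of the D-Link manual) that checks constructed SIP messages for the two conditions the setup summary above relies on: office user agents advertise only private addresses, which suggests they are not doing their own NAT traversal such as STUN, and INVITEs forwarded by the proxy carry a Record-Route header. The function names, sample messages and addresses are assumptions made for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(raw):
    """Split a SIP message into start line, lower-cased header map and body."""
    head, _, body = raw.partition("\r\n\r\n")
    start, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return start, headers, body

def public_addresses_from_ua(raw):
    """IPv4 literals in Contact and SDP c= lines that fall outside RFC 1918.
    Hostnames and compact header forms are not handled in this sketch."""
    _, headers, body = parse(raw)
    contact = " ".join(headers.get("contact", []))
    hosts = re.findall(r"sips?:(?:[^@>;\s]+@)?(\d+(?:\.\d+){3})", contact)
    hosts += re.findall(r"^c=IN IP4 (\d+(?:\.\d+){3})", body, re.M)
    return [h for h in hosts if not any(ipaddress.ip_address(h) in n for n in RFC1918)]

def invite_lacks_record_route(raw):
    """True for an INVITE forwarded by the proxy with no Record-Route header."""
    start, headers, _ = parse(raw)
    return start.startswith("INVITE ") and "record-route" not in headers

# Constructed sample messages, not captured traffic.
UA_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\nc=IN IP4 192.168.1.10\r\nm=audio 49170 RTP/AVP 0\r\n"
)
UA_INVITE_STUN = UA_INVITE.replace("192.168.1.10:5060>", "203.0.113.7:40000>").replace(
    "c=IN IP4 192.168.1.10", "c=IN IP4 203.0.113.7")
PROXY_INVITE = (
    "INVITE sip:alice@192.168.1.10 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP proxy.example.com:5060;branch=z9hG4bK4b1\r\n"
    "Record-Route: <sip:proxy.example.com;lr>\r\n"
    "Contact: <sip:bob@198.51.100.20:5060>\r\n\r\n"
)
PROXY_INVITE_NO_RR = PROXY_INVITE.replace("Record-Route: <sip:proxy.example.com;lr>\r\n", "")

if __name__ == "__main__":
    print(public_addresses_from_ua(UA_INVITE), public_addresses_from_ua(UA_INVITE_STUN))
    print(invite_lacks_record_route(PROXY_INVITE), invite_lacks_record_route(PROXY_INVITE_NO_RR))
```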