beautypg.com

Amer Networks E5Web GUI User Manual

Page 422

background image

This rule has core as the destination interface (in other words, cOS Core itself ). When an
incoming call is received, cOS Core uses the registration information of the local receiver
to automatically locate this receiver, perform address translation and forward SIP
messages to the receiver. This will be done based on the internal state of the SIP ALG.

The IP rules needed with Record-Route enabled are:

Action

Src Interface

Src Network

Dest Interface

Dest Network

OutboundToProxy

NAT

lan

lan_net

dmz

ip_proxy

OutboundFromProxy

Allow

dmz

ip_proxy

wan

all-nets

InboundFromProxy

Allow

dmz

ip_proxy

core

dmz_ip

InboundToProxy

Allow

wan

all-nets

dmz

ip_proxy

With Record-Route disabled, the following IP rules must be added to those above:

Action

Src Interface

Src Network

Dest Interface

Dest Network

OutboundBypassProxy

NAT

lan

lan_net

wan

all-nets

InboundBypassProxy

Allow

wan

all-nets

core

ipdmz

Solution B - Without NAT

The setup steps are as follows:

1.

Define a single SIP ALG object using the options described above.

2.

Define a Service object which is associated with the SIP ALG object. The service should have:

Destination Port set to 5060 (the default SIP signalling port)

Type set to TCP/UDP

3.

Define four rules in the IP rule set:

An Allow rule for outbound traffic from the clients on the internal network to the proxy
located on the DMZ interface.

An Allow rule for outbound traffic from the proxy behind the DMZ interface to the
remote clients on the Internet.

An Allow rule for inbound SIP traffic from the SIP proxy behind the DMZ interface to the
clients located on the local, protected network.

An Allow rule for inbound SIP traffic from clients and proxies on the Internet to the proxy
behind the DMZ interface.

4.

If Record-Route is not enabled at the proxy, direct exchange of SIP messages must also be
allowed between clients, bypassing the proxy. The following two additional rules are
therefore needed when Record-Route is disabled:

An Allow rule for outbound traffic from the clients on the local network to the external
clients and proxies on the Internet.

An Allow rule for inbound SIP traffic from the Internet to clients on the local network.

The IP rules with Record-Route enabled are:

Chapter 6: Security Mechanisms

422

This manual is related to the following products: