Amer Networks E5Web GUI User Manual
Page 422

This rule has core as the destination interface (in other words, cOS Core itself ). When an
incoming call is received, cOS Core uses the registration information of the local receiver
to automatically locate this receiver, perform address translation and forward SIP
messages to the receiver. This will be done based on the internal state of the SIP ALG.
The IP rules needed with Record-Route enabled are:
Action
Src Interface
Src Network
Dest Interface
Dest Network
OutboundToProxy
NAT
lan
lan_net
dmz
ip_proxy
OutboundFromProxy
Allow
dmz
ip_proxy
wan
all-nets
InboundFromProxy
Allow
dmz
ip_proxy
core
dmz_ip
InboundToProxy
Allow
wan
all-nets
dmz
ip_proxy
With Record-Route disabled, the following IP rules must be added to those above:
Action
Src Interface
Src Network
Dest Interface
Dest Network
OutboundBypassProxy
NAT
lan
lan_net
wan
all-nets
InboundBypassProxy
Allow
wan
all-nets
core
ipdmz
Solution B - Without NAT
The setup steps are as follows:
1.
Define a single SIP ALG object using the options described above.
2.
Define a Service object which is associated with the SIP ALG object. The service should have:
•
Destination Port set to 5060 (the default SIP signalling port)
•
Type set to TCP/UDP
3.
Define four rules in the IP rule set:
•
An Allow rule for outbound traffic from the clients on the internal network to the proxy
located on the DMZ interface.
•
An Allow rule for outbound traffic from the proxy behind the DMZ interface to the
remote clients on the Internet.
•
An Allow rule for inbound SIP traffic from the SIP proxy behind the DMZ interface to the
clients located on the local, protected network.
•
An Allow rule for inbound SIP traffic from clients and proxies on the Internet to the proxy
behind the DMZ interface.
4.
If Record-Route is not enabled at the proxy, direct exchange of SIP messages must also be
allowed between clients, bypassing the proxy. The following two additional rules are
therefore needed when Record-Route is disabled:
•
An Allow rule for outbound traffic from the clients on the local network to the external
clients and proxies on the Internet.
•
An Allow rule for inbound SIP traffic from the Internet to clients on the local network.
The IP rules with Record-Route enabled are:
Chapter 6: Security Mechanisms
422