Specifications

MBG Engineering Guidelines, Release 8.0
NIC should be given an address on the DMZ network. The firewall will map between this address and the
external address used for MBG.
Details of the protocols that must be configured in the firewall are provided in Firewall Configuration. Particular
attention should be paid to the requirement that all UDP ports >= 1024 on the LAN be permitted to reach the
public IP of the MBG server.
Warning: Failure to configure the firewall properly will result in audio problems (typically one-way
audio).
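One way to audit a rule set against the UDP requirement above, as an added example (not Mitel's code): it models a first-match rule list and reports the port ranges at or above 1024 that some LAN host could not use to reach the MBG public IP. The rule tuple format, the addresses (documentation ranges), the implicit default deny and the treatment of "ports on the LAN" as the port field the rule matches are all assumptions.

```python
import ipaddress

# Constructed sample policy, evaluated top-down (first match wins).
# Tuple layout (assumed): action, protocol, source net, destination net, port range.
RULES = [
    ("deny",   "udp", "192.168.10.0/24",   "203.0.113.10/32", (30000, 30999)),
    ("permit", "udp", "192.168.10.0/24",   "203.0.113.10/32", (1024, 49151)),
    ("permit", "udp", "192.168.10.128/25", "203.0.113.10/32", (49152, 65535)),
    ("deny",   "any", "0.0.0.0/0",         "0.0.0.0/0",       (0, 65535)),
]

def blocked_ranges(rules, lan, mbg_ip, lo=1024, hi=65535):
    """Return UDP port ranges in lo..hi that are not permitted from every
    host in `lan` to `mbg_ip`. An empty list means the requirement is met."""
    lan = ipaddress.ip_network(lan)
    mbg = ipaddress.ip_address(mbg_ip)
    verdict = {}  # port -> True (permitted) or False (blocked); first decision sticks
    for action, proto, src, dst, (p_lo, p_hi) in rules:
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        if proto not in ("udp", "any") or mbg not in dst or not src.overlaps(lan):
            continue  # rule cannot match LAN -> MBG UDP traffic
        if action == "permit" and not lan.subnet_of(src):
            continue  # permits only part of the LAN; other hosts fall through
        # A deny that touches any LAN host counts as blocking (conservative).
        for port in range(max(lo, p_lo), min(hi, p_hi) + 1):
            verdict.setdefault(port, action == "permit")
    # Ports with no decision fall to the assumed implicit default deny.
    gaps, start = [], None
    for port in range(lo, hi + 2):
        bad = port <= hi and not verdict.get(port, False)
        if bad and start is None:
            start = port
        elif not bad and start is not None:
            gaps.append((start, port - 1))
            start = None
    return gaps

if __name__ == "__main__":
    for first, last in blocked_ranges(RULES, "192.168.10.0/24", "203.0.113.10"):
        print(f"UDP {first}-{last} from LAN to MBG public IP is not permitted")
```

Against the sample policy this reports two gaps: the explicit deny that shadows part of the permit below it, and the upper range that is permitted for only half of the LAN subnet.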
Known Issues
Checkpoint “NG” Firewalls
Checkpoint “NG” firewalls (e.g. FireWall-1 NG) have a feature called “Smart Connection Re-use” that may
interfere with older MiNet sets and some SIP sets that use a fixed source port for their outgoing connection. The
feature should be disabled with older sets or if set connections to the MBG server cannot be maintained.
It is not a problem with newer sets that randomize the source port used for each new connection.
Port-Forwarding Firewalls
Use of MBG server with a port-forwarding firewall (where the external address of the firewall is shared between
the Mitel Border Gateway and other applications) is supported by MBG version 3.0 and higher. The firewall
device must have at least 3 interfaces (external, internal, DMZ). This allows for a single external IP address to be
assigned to the firewall. It does not eliminate the need for a separate DMZ network.
This special configuration is identical to a normal DMZ deployment with the exception that the MBG’s
publicly-visible IP address will be the same as the firewall’s publicly-visible address (that is, the single
public IP address is shared).
Warning: Two-port firewall devices that simulate a DMZ through port forwarding are not supported, even
if the device allows multiple external IP addresses.
SIP-Aware Firewalls
Many firewall devices today understand the SIP protocol and include some type of NAT traversal or rewriting of
SIP packets. When MBG is used for connecting SIP clients (sets) and trunks, Mitel recommends
turning off any SIP features of the main firewall. At best, it is redundant to have two devices
performing the same job. At worst, they interfere with each other.
UDP Flood Protection
UDP flooding protection and VoIP applications utilizing RTP do not work well together. It is recommended that
UDP flooding protection in firewalls in the voice path be disabled.