Install guide
Software Version 2.7.4
C613-10444-00 REV A
Configuring the Firewall to Allow VoIP Phone Calls
This section describes how to configure the SIP ALG and NAPT on the firewall.
Before you start
This section describes the IP and firewall configuration. You also need to:
■ configure the underlying connection to the Internet, such as PPP or ADSL.
■ create a security officer and enable system security, if required.
Example
In this scenario (Figure 1):
■ Three users need to receive and make phone calls through a firewall. An
AR750S router is the firewall.
■ The router’s interface to the public Internet is eth1.
■ The router’s interface to the private LAN is vlan1. Each user is directly
plugged into one of the router’s LAN switch ports.
Important: This example uses 10.10.10.10 instead of a globally-unique IP
address on the firewall's public interface. Replace this address with a suitable
global address for your network.
This example only describes the configuration of the firewall to allow traffic to
and from residential gateways and phones. You may also need to configure
firewall rules for other devices in the LAN, such as servers and PCs.
Procedure
Step 1
Commands:
    add ip interface=interface ipaddress=ipadd [other-ip-parameters]
    add ip route=0.0.0.0 mask=0.0.0.0 interface=public-interface nexthop=ipadd
    enable ip
Action: Configure IP on the public and private interfaces:
    • assign IP addresses
    • create a default route on the public interface, if required
    • enable IP.
Step 2
Commands:
    enable firewall
Action: Enable the firewall.
Step 3
Commands:
    enable firewall sipalg
Action: Enable the SIP ALG.
Step 4
Commands:
    create firewall policy=name [other-policy-parameters]
Action: Create a firewall policy.
Step 5
Commands:
    add firewall policy=name interface=public-interface type=public
    add firewall policy=name interface=private-interface type=private
Action: Use the policy on the router’s public and private interfaces.
Step 6
Commands:
    add firewall policy=name rule=id interface=interface protocol=udp action=nat nattype=napt ip=user-private-ip gblip=public-ip port=private-sip-port gblport=user-global-sip-port
Action: Create policy rules to use NAPT for:
    • each user in the LAN, on
    • both the public and the private interfaces
NAPT translates between public and private IP address and UDP port.
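The step 6 rules written out for the three users in this scenario, as an added example that is not part of the original guide: a Python helper that emits one NAPT rule per user on each interface and rejects mappings that collide on the shared public address. The policy name, the private addresses and the port numbers are constructed sample values.

```python
import ipaddress

PUBLIC_IF, PRIVATE_IF = "eth1", "vlan1"  # interfaces named in the scenario
PUBLIC_IP = "10.10.10.10"                # the guide's stand-in public address
POLICY = "voip"                          # assumed policy name, not from the guide

# Constructed sample users: (private IP, private SIP port, global SIP port)
USERS = [
    ("192.168.1.101", 5060, 5060),
    ("192.168.1.102", 5060, 5062),
    ("192.168.1.103", 5060, 5064),
]


def napt_rules(users, policy=POLICY, first_rule=1):
    """Return the step 6 commands: one rule per user on each interface."""
    seen_global, seen_private = set(), set()
    for ip, port, gblport in users:
        if not ipaddress.ip_address(ip).is_private:
            raise ValueError(f"{ip} is not a private address")
        if not (1 <= port <= 65535 and 1 <= gblport <= 65535):
            raise ValueError(f"port out of range for {ip}")
        # All users share one public IP, so each needs its own global port;
        # otherwise inbound SIP could not be mapped back to a single phone.
        if gblport in seen_global:
            raise ValueError(f"global port {gblport} is mapped to two users")
        if (ip, port) in seen_private:
            raise ValueError(f"{ip}:{port} is listed twice")
        seen_global.add(gblport)
        seen_private.add((ip, port))

    cmds, rule = [], first_rule
    for ip, port, gblport in users:
        for iface in (PUBLIC_IF, PRIVATE_IF):
            cmds.append(
                f"add firewall policy={policy} rule={rule} interface={iface} "
                f"protocol=udp action=nat nattype=napt ip={ip} "
                f"gblip={PUBLIC_IP} port={port} gblport={gblport}"
            )
            rule += 1  # rule ids are kept unique within the policy
    return cmds


if __name__ == "__main__":
    print("\n".join(napt_rules(USERS)))
```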