Install guide
66 Firewall Enhancements Release Note
Software Version 2.9.1
C613-10486-00 REV C
Network address translation
In automatic mode, the SIP ALG uses NAT on the sessions when NAT has been
configured on the firewall. We recommend that you select enhanced NAT. In
automatic mode, the SIP ALG is designed to give each SIP client a consistent
identity on the public network when NAT is in use.
It is possible to use the SIP ALG without NAT. This is an option for networks
where the SIP clients have globally routable IP addresses, or the whole SIP
network is restricted to a privately addressed network.
Configuring the SIP ALG in automatic mode
This section describes how to configure the firewall so that VoIP calls are
managed using the SIP ALG in automatic mode. This includes configuring
enhanced NAT on the firewall policy.
Before you start
This section describes the IP and firewall configuration. You also need to:
■ configure the underlying connection to the Internet, such as PPP or ADSL
■ create a security officer and enable system security, if required
Storing client information
In automatic mode, the SIP ALG stores the SIP client details in a client
database. This database contains the registration expiry times as well as client
information, and is stored both dynamically and statically. The dynamic
version is held in RAM, while a static copy is held in flash. The static copy
is designed to minimise any loss of service to SIP clients. If the router or
switch restarts or reboots, the SIP ALG can immediately restore the firewall
sessions using the information in this file.
Procedure
Step 1
Action: Configure IP on the public and private interfaces:
■ assign IP addresses
■ create a default route on the public interface, if required
Commands:
    add ip interface=interface ipaddress=ipadd [other-ip-parameters]
    add ip route=0.0.0.0 mask=0.0.0.0 interface=public-interface nexthop=ipadd

Step 2
Action: Enable IP.
Commands:
    enable ip

Step 3
Action: Enable the SIP ALG.
Commands:
    enable firewall sipalg

Step 4
Action: Create a firewall policy.
Commands:
    create firewall policy=name [other-policy-parameters]

Step 5
Action: Use the policy on the router or switch's public and private interfaces.
Commands:
    add firewall policy=name interface=public-interface type=public
    add firewall policy=name interface=private-interface type=private

Step 6
Action: Configure the NAT mode for the policy.
Commands:
    add firewall policy=name nat=enhanced

Step 7
Action: Configure the SIP ALG for the firewall:
■ assign the mode
■ specify the maximum number of automatic clients
■ specify how calls to and from Proxy Servers are dealt with
Commands:
    set firewall sipalg mode=automatic [maxautoclients=1..1000] [multiservers={outonly|off|on|yes}]

Step 8
Action: Enable the firewall.
Commands:
    enable firewall
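
The following checker is an added example, not part of the release note or the vendor's tooling. It audits a saved configuration script against steps 2 to 8 of the procedure above and reports any step that is missing or any SIP ALG parameter outside the documented values. It assumes one command per line; the interface names, addresses and policy name in the sample are constructed.

```python
# Constructed sample; interface names, addresses and policy name are assumptions.
SAMPLE = """\
add ip interface=ppp0 ipaddress=192.0.2.2
add ip interface=vlan1 ipaddress=192.168.1.1
enable ip
enable firewall sipalg
create firewall policy=voip
add firewall policy=voip interface=ppp0 type=public
add firewall policy=voip interface=vlan1 type=private
add firewall policy=voip nat=enhanced
set firewall sipalg mode=automatic maxautoclients=200 multiservers=outonly
enable firewall
"""

def parse(script):
    """Return [(keywords, params)] per command line, lower-cased."""
    cmds = []
    for toks in (l.split() for l in script.lower().splitlines() if l.strip()):
        words = tuple(t for t in toks if "=" not in t)
        cmds.append((words, dict(t.split("=", 1) for t in toks if "=" in t)))
    return cmds

def audit(script):
    """List deviations from the automatic-mode procedure (steps 2 to 8)."""
    cmds = parse(script)
    def has(words, **kv):
        return any(w == words and kv.items() <= p.items() for w, p in cmds)
    out = [msg for words, msg in [
        (("enable", "ip"), "IP not enabled"),
        (("enable", "firewall", "sipalg"), "SIP ALG not enabled"),
        (("create", "firewall"), "no firewall policy created"),
        (("enable", "firewall"), "firewall not enabled")] if not has(words)]
    for name in sorted({p["policy"] for w, p in cmds
                        if w == ("create", "firewall") and "policy" in p}):
        for kind in ("public", "private"):
            if not has(("add", "firewall"), policy=name, type=kind):
                out.append(f"policy {name}: no {kind} interface")
        if not has(("add", "firewall"), policy=name, nat="enhanced"):
            out.append(f"policy {name}: enhanced NAT (recommended) not set")
    sip = [p for w, p in cmds if w == ("set", "firewall", "sipalg")]
    if not any(p.get("mode") == "automatic" for p in sip):
        out.append("SIP ALG mode not automatic")
    for p in sip:
        n, m = p.get("maxautoclients"), p.get("multiservers")
        if n is not None and not (n.isdigit() and 1 <= int(n) <= 1000):
            out.append(f"maxautoclients={n} outside 1..1000")
        if m is not None and m not in ("outonly", "off", "on", "yes"):
            out.append(f"multiservers={m} not a listed value")
    return out
```

Calling audit(SAMPLE) returns an empty list; each string in a non-empty result names one step to revisit before the firewall is put into service.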