ZyXEL Communications ZyWALL USG Series Application Note page 178

4.7.2.2 Set Up a NAT Policy for the IPPBX
Click Configuration > Network > NAT > Add > Create New Object > Address and create an
IPv4 host address object for the IPPBX's private DMZ IP address of 192.168.3.9. Repeat to create a
host address object named IPPBX-Public for the public WAN IP address 1.1.1.2.
• Configure a name for the rule (WAN-DMZ_IPPBX here).
• You want the IPPBX to receive calls from the WAN and also be able to send calls to the WAN so you
set the Classification to NAT 1:1.
• Set the Incoming Interface to use the WAN interface.
• Set the Original IP to the WAN address object (IPPBX-Public). If a domain name is registered for
IP address 1.1.1.2, users can use it to connect to for making SIP calls.
• Set the Mapped IP to the IPPBX's DMZ IP address object (IPPBX-DMZ).
• Set the Port Mapping Type to Port, the Protocol Type to UDP and the original and mapped
ports to 5060.
• Keep Enable NAT Loopback selected to allow the LAN users to use the IPPBX.
• Click OK.
Figure 50
4.7.2.3 Set Up a WAN to DMZ Firewall Rule for SIP
The firewall blocks traffic from the WAN zone to the DMZ zone by default so you need to create a
firewall rule to allow the public to send SIP traffic to the IPPBX. If a domain name is registered for IP
address 1.1.1.2, users can use it to connect to for making SIP calls.
Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ. Set the
Destination to the IPPBX's DMZ IP address object (DMZ_SIP). IPPBX_DMZ is the destination
because the ZyWALL applies NAT to traffic before applying the firewall rule. Set the Access field to
allow and click OK.
Configuration > Network > NAT > Add