D-Link DFL-1660 User Manual page 298
Network security firewall
Hide thumbs
Also See for DFL-1660:
- User manual (483 pages) ,
- Installation manual (45 pages) ,
- Reference manual (948 pages)
Table of Contents
Advertisement
6.2.8. The SIP ALG
SIP Sets Up Sessions
SIP does not know about the details of a session's content and is only responsible for initiating,
terminating and modifying sessions. Sessions set up by SIP are typically used for the streaming of
audio and video over the Internet using the RTP/RTCP protocol (which is based on UDP) but they
might also involve traffic based on the TCP protocol. An RTP/RTCP based sessions might also
involve TCP or TLS based traffic in the same session.
The SIP RFC
SIP is defined by IETF RFC 3261 and this is considered an important general standard for VoIP
communication. It is comparable to H.323, however, a design goal with SIP was to make SIP more
scalable than H.323. (For VoIP, see also Section 6.2.9, "The H.323 ALG".)
NetDefendOS Supports Three Scenarios
Before continuing to describe SIP in more depth, it is important to understand that NetDefendOS
supports SIP usage in three distinct scenarios:
•
Protecting Local Clients
In this scenario, the proxy is located somewhere on the public Internet.
•
Protecting Proxy and Local Clients
Here, the proxy is located on the same network as the clients. However, this case can be divided
into two scenarios:
i.
The clients and proxy are on an internal, trusted network.
ii.
The clients and proxy are on the DMZ network.
Traffic Shaping with SIP
Any traffic connections that trigger a NetDefendOS IP rule with an associated service object that
uses the SIP ALG cannot also be subject to traffic shaping.
SIP Components
Important: Third Party Equipment Compliance
NetDefendOS is based on the SIP implementation described in RFC 3261. However,
correct SIP message processing and media establishment cannot be guaranteed unless
local and remote clients as well as proxies are configured to follow RFC 3261.
Unfortunately, some third party SIP equipment may use techniques that lie outside
RFC 3261 and it may not be possible to configure the equipment to disable these. For
this reason, such equipment may not be able to operate successfully with the
NetDefendOS SIP ALG.
For example, analog to digital converters that do not work with the SIP ALG may
come pre-configured by service providers with restricted configuration possibilities.
NAT traversal techniques like STUN also lie outside of RFC 3261 and need to be
disabled.
298
Chapter 6. Security Mechanisms
- Quick Links:
- The Cli
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
