Dmz Host; Voip Port Dynamic Setting - Panasonic KX-NS1000 Installation Manual

8.6.17 DMZ Host

Description
This PBX supports the DMZ (De-Militarised Zone) Host (or simply DMZ) function, but not the strictly defined
DMZ function. It will forward all incoming access to a specified IP address on the LAN.
The DMZ is a segment on the network protected by a firewall. It prevents unauthorised access from the internet
and keeps threats from proliferating within the internal network.
Packets addressed to the PBX's WAN-side IP address are forwarded to the LAN-side device specified as the
DMZ host. However, traffic that accesses previously used ports will be handled by the appropriate application.
Only 1 device can be specified as the DMZ host.
Note
If the DMZ host feature is enabled, the DMZ host device and other devices on the LAN are on the same
network segment, which can pose a security risk.
PC Programming Manual References
27.5 Router Configuration—Setup—[1-5] DMZ

8.6.18 VoIP Port Dynamic Setting

Description
This feature allows NAPT settings to be configured automatically for communication protocols that require NAT
traversal settings (e.g., SIP). These protocols are used by devices such as SIP phones and IP-PTs.
When using protocols like SIP that require NAT traversal, the necessary parameters, such as the RTP port
number and the port number for the protocol in use, are configured automatically.
Conditions
•
When an extension is connected to an outside destination using P2P and the parties are directly
exchanging RTP packets, this feature is applicable only to SIP trunks.
•
When the built-in router is enabled, all communication over IP trunks and remote extensions will be directed
to the WAN interface of the built-in router. To direct communication to an external router, you must set the
applicable address and routing information to divert communication to the PBX LAN interface.
•
When the KX-NS1000 is the RTP terminal
Specify the port range for RTP to a port range that is not applicable to the dynamic NAPT feature. By doing
so, the port numbers of RTP packets sent from the LAN are not changed by dynamic NAPT, and RTP
packets can use the port number negotiated by SIP.
The RTP port number is different from the ports set in the static NAPT settings, and the port will be opened
for the first time when an RTP packet is sent from the LAN, so it is secure. However, the port will be opened
only when a packet is sent from the LAN, so any WAN traffic received at the port before it is opened will
be discarded.
When the built-in router is used as an edge router and dynamic NAPT is enabled, this feature operates
associating the DSP's IP address and the RTP port range settings.
•
When an extension is the RTP terminal (P2P)
With RTP/RTCP communication, NAT traversal problems will arise when performing voice communication
via P2P. Therefore, the PBX will automatically configure the NAPT settings for RTP and RTCP as
necessary from the SDP information.
8.6.18 VoIP Port Dynamic Setting
Installation Manual 359