ZyXEL Communications ZyWall USG 2000 User Manual page 295
Unified security gateway
Hide thumbs
Also See for ZyWall USG 2000:
- User manual (1114 pages) ,
- Manual (964 pages) ,
- Support notes (227 pages)
Table of Contents
Advertisement
• Using the SIP ALG allows you to use bandwidth management on SIP traffic.
• The SIP ALG handles SIP calls that go through NAT or that the ZyWALL routes.
You can also make other SIP calls that do not go through NAT or routing.
Examples would be calls between LAN IP addresses that are on the same
subnet.
• The SIP ALG supports peer-to-peer SIP calls. The firewall (by default) allows
peer to peer calls from the LAN zone to go to the WAN zone and blocks peer to
peer calls from the WAN zone to the LAN zone.
• The SIP ALG allows UDP packets with a specified port destination to pass
through.
• The ZyWALL allows SIP audio connections.
• You do not need to use STUN (Simple Traversal of User Datagram Protocol
(UDP) through Network Address Translators) for VoIP devices behind the
ZyWALL when you enable the SIP ALG.
• Configuring the SIP ALG to use custom port numbers for SIP traffic also
configures the application patrol (see
port numbers for SIP traffic. Likewise, configuring the application patrol to use
custom port numbers for SIP traffic also configures SIP ALG to use the same
port numbers for SIP traffic.
Peer-to-Peer Calls and the ZyWALL
The ZyWALL ALG can allow peer-to-peer VoIP calls for both H.323 and SIP. You
must configure the firewall and virtual server (port forwarding) to allow incoming
(peer-to-peer) calls from the WAN to a private IP address on the LAN (or DMZ).
VoIP Calls from the WAN with Multiple Outgoing Calls
When you configure the firewall and virtual server (port forwarding) to allow calls
from the WAN to a specific IP address on the LAN, you can also use policy routing
to have H.323 (or SIP) calls from other LAN or DMZ IP addresses go out through a
different WAN IP address. The policy routing lets the ZyWALL correctly forward the
return traffic for the calls initiated from the LAN IP addresses.
For example, you configure the firewall and virtual server to allow LAN IP address
A to receive calls from the Internet through WAN IP address 1. You also use a
policy route to have LAN IP address A make calls out through WAN IP address 1.
Configure another policy route to have H.323 (or SIP) calls from LAN IP addresses
B and C go out through WAN IP address 2. Even though only LAN IP address A
ZyWALL USG 2000 User's Guide
Chapter 29 on page
443) to use the same
Chapter 18 ALG
295
Advertisement
Table of Contents
Troubleshooting
Related Manuals for ZyXEL Communications ZyWall USG 2000
Related Products for ZyXEL Communications ZyWall USG 2000
- ZyXEL Communications ZYWALL USG 20W
- ZyXEL Communications USG210
- ZyXEL Communications ZyWall USG20W-VPN
- ZyXEL Communications ZyWall USG20-VPN
- ZyXEL Communications ZYWALL USG 300
- ZyXEL Communications USG-50 - V2.21 ED 1
- ZyXEL Communications USG-100@USG-200 - V2.20 ED 2
- ZyXEL Communications USG-300 - V2.20 ED 2