D-Link NetDefendOS User Manual page 464

NetDefendOS Supports Three Scenarios
Before continuing to describe SIP in more depth, it is important to understand that NetDefendOS
supports SIP usage in three distinct scenarios:
• Protecting Local Clients
In this scenario, the proxy is located somewhere on the public Internet.
• Protecting Proxy and Local Clients
Here, the proxy is located on the same network as the clients. However, this case can be
divided into two scenarios:
i. The clients and proxy are on an internal, trusted network.
ii. The clients and proxy are on the DMZ network.
Note: Virtual routing and route failover cannot be used
The SIP ALG cannot be configured with any other routing table except the main routing
table. This means the Virtual Routing feature cannot be configured with SIP, nor can
policy-based routing (PBR) rules be used with SIP.
Another routing restriction is that the Route Failover feature cannot be used.
Traffic Shaping with SIP
Any traffic connections that trigger a NetDefendOS IP rule (or IP policy) with an associated
service object that uses SIP, cannot also be subject to NetDefendOS traffic shaping.
SIP Components
The following components are the logical building blocks for SIP communication:
User Agents These are the endpoints or clients that are involved in the client-to-client
communication. These would typically be the workstation or device used in
an IP telephony conversation. The term client will be used throughout this
section to describe a user agent.
Proxy Servers These act as routers in the SIP protocol, performing both as client and
server when receiving client requests. They forward requests to a client's
current location as well as authenticating and authorizing access to
services. They also implement provider call-routing policies.
The proxy is often located on the external, unprotected side of the
NetDefend Firewall but can have other locations. All of these scenarios are
supported by NetDefendOS.
Registrars A server that handles SIP REGISTER requests is given the special name of
Registrar. The Registrar server has the task of locating the host where the
other client is reachable.
The Registrar and Proxy Server are logical entities and may, in fact, reside on
the same physical server.
464
Chapter 6: Security Mechanisms