Sip With Local Clients/Internet Proxy Using Ip Rules - D-Link NetDefendOS User Manual

The advantage of using Record-Route is clear since now the destination network for outgoing
traffic and the source network for incoming traffic have to include all IP addresses that are
possible.
Note: Tables omit the Service object
In this section, tables which list IP rules/policies like those above, will omit the Service
object associated with the rule. The same, custom Service object is used for all SIP
scenarios.
Example 6.7. SIP with Local Clients/Internet Proxy Using IP Rules
This example shows the exact steps to implement Scenario 1 which is described above. The local
network topology is hidden using NAT. The proxy server lies on the external, unprotected side of
the NetDefend Firewall.
The client is assumed to be on the network if1_net connected to the interface if1. The SIP proxy is
assumed to be on the IP address proxy_ip on the interface ext.
Web Interface
A. Define the following IP objects:
• if1_net: 192.168.1.0/24
(the internal network)
• proxy_ip: 81.100.55.2
(the SIP proxy)
• ip_wan: 81.100.55.1
(the NetDefend Firewall's public IPv4 address)
B. Define an SIP ALG object
1. Go to: Objects > ALG > Add > SIP ALG
2. Specify a name for the ALG, in this case my_sip_alg
3. Click OK
C. Define a custom Service object for SIP:
1. Go to: Objects > Services > Add > TCP/UDP
2. Specify a name for the service, in this case my_sip_service
3. Choose UDP as the Type
4. Choose my_sip_alg as the ALG
5. For the Destination property, enter the port number 5060
6. Click OK
470
Chapter 6: Security Mechanisms