•
if1_net: 192.168.1.0/24
(the internal network)
•
proxy_ip: 81.100.55.2
(the SIP proxy)
•
ip_wan: 81.100.55.1
(the NetDefend Firewall's public IPv4 address)
B. Define a VoIP Profile object:
1.
Go to: Policies > Firewalling > VoIP > Add > VoIP Profile
2.
Specify a name for the profile, in this case my_sip_profile
3.
Click OK
C. Define a custom Service object for SIP:
1.
Go to: Objects > Services > Add > TCP/UDP
2.
Specify a name for the service, in this case my_sip_service
3.
Choose UDP as the Type
4.
For the Destination property, enter the port number 5060
5.
Set the Protocol property to SIP
6.
Click OK
D. Define the IP Policy for outgoing SIP traffic:
1.
Go to: Rules > IP Rule Set > main > Add > IP Policy
2.
Now enter:
•
Name: sip_nat
•
Action: Allow
•
Source Interface: if1
•
Source Network: if1_net
•
Destination Interface: ext
•
Destination Network: proxy_ip
•
Service: my_sip_service
•
Address Translation: NAT
•
Address Action: Outgoing interface IP
•
Comment: Allow outgoing SIP calls
3.
Select the VoIP tab, enable VoIP and select my_sip_profile
472
Chapter 6: Security Mechanisms