Fortinet FortiGate Series Administration Manual page 508


The FortiGate unit and VoIP security
Destination NAT (SIP and RTP)
In the destination NAT scenario, a SIP phone can connect to a local IP using a FortiOS
VIP. The FortiGate unit translates the SIP contact header to the IP of the real SIP server
located outside.
Figure 297: SIP destination NAT
In the scenario shown in Figure 297, the SIP phone connects to a VIP (10.72.0.60). The
FortiGate SIP ALG translates the SIP contact header to 217.10.79.9. The FortiGate ALG
will open the Real-time Transport Protocol (RTP) pinholes and manage NAT.
The FortiGate unit also supports a variation of this scenario: the RTP server hides its real
address.
Figure 298: SIP destination NAT-RTP server hidden
In this scenario, shown in Figure 298, a SIP phone connects to the Internet. The VoIP
service provider only publishes a single public IP (a VIP). The SIP phone connects to the
FortiGate unit (217.233.90.60) and the FortiGate unit then translates the SIP contact
header to the SIP server (10.0.0.60). The SIP server changes the SIP/SDP connection
information (which tells the SIP phone which RTP IP it should contact) also to
217.233.90.60.
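
A check a defender could run on captured SIP for the hidden-server scenario above, added here as an example and not taken from the Fortinet guide: it confirms that the Contact header and SDP connection address the phone sees carry only the published VIP, and lists the RTP/RTCP pinholes the SDP implies. The sample messages, user name and port numbers are constructed, and the function names are hypothetical.

```python
import re

PUBLISHED_VIP = "217.233.90.60"  # from the page: the only address the provider publishes

# Constructed sample: a 200 OK as the phone should receive it in the Figure 298
# scenario. User name, ports and SDP values are invented for illustration.
SAMPLE_OK = "\r\n".join([
    "SIP/2.0 200 OK",
    "Contact: <sip:service@217.233.90.60:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 217.233.90.60",
    "s=call",
    "c=IN IP4 217.233.90.60",
    "t=0 0",
    "m=audio 30000 RTP/AVP 0",
])
# Constructed failure case: an internal address (10.0.0.60, the SIP server on
# the page) leaks in the SDP connection line.
SAMPLE_LEAK = SAMPLE_OK.replace("c=IN IP4 217.233.90.60", "c=IN IP4 10.0.0.60")

# Host part of the SIP URI in a Contact header ("m" is its compact form).
CONTACT_RE = re.compile(r"(?im)^(?:Contact|m)\s*:.*?sips?:(?:[^@>\s]+@)?([^:;>\s]+)")

def parse(msg):
    """Return (contact_hosts, media); media is a list of (ip, rtp_port)."""
    head, _, body = msg.partition("\r\n\r\n")
    session_ip, media = None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if media:                      # media-level c= overrides session-level
                media[-1][0] = ip
            else:
                session_ip = ip
        elif line.startswith("m="):
            port = int(line.split()[1].split("/")[0])
            media.append([session_ip, port])
    return CONTACT_RE.findall(head), [tuple(m) for m in media]

def pinholes(msg):
    """RTP plus RTCP (RTP port + 1, the usual default) for each media stream."""
    return [(ip, port, port + 1) for ip, port in parse(msg)[1]]

def audit(msg, vip=PUBLISHED_VIP):
    """List every Contact host or SDP media address that is not the VIP."""
    contacts, media = parse(msg)
    found = [f"Contact host {h}" for h in contacts if h != vip]
    return found + [f"SDP media address {ip}" for ip, _ in media if ip != vip]
```

An empty list from `audit` means the message exposes only the published address; any entry names the header or SDP field that still shows another one.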
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
SIP support