Enabling Application-Level Gateways For Applications; With Special Needs - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
Setting Up Quality of Service
Example: Configuring QoS for VoIP
N o t e s
7-58
This organization uses general switched telephone network (GSTN) tele-
phones that follow the G.711 standard. VoIP calls must be carried from the
headquarters to each remote site. The organization anticipates that at the
busiest time of day the network should support up to 12 calls. You would
configure a low-latency queue to guarantee this bandwidth.
To deliver QoS for relatively small, time-sensitive VoIP frames, you must:
consider the special needs of your VoIP application
define VoIP traffic
determine the amount of bandwidth necessary for VoIP traffic
mark signaling traffic for special treatment
configure rate limiting and fragmentation if you are using Frame Relay
Enabling Application-Level Gateways for Applications
with Special Needs
G.711 is an H.323 application, which handles VoIP traffic. The application may
cause the VoIP traffic to behave in a different manner than data traffic. For
example, it sends VoIP traffic on one port and receives it on another port. If
you have enabled the Secure Router OS firewall, you must also enable the
H.323 application-level gateway (ALG) so that the firewall will automatically
permit return traffic. The ALG will also prevent the firewall from discarding
VoIP traffic for exhibiting unusual behavior.
The H.323 ALG is disabled by default. Enter:
ProCurve(config)# ip firewall alg h323
If your VoIP application uses SIP, then you should determine to which port or
ports the application sends traffic. The default port enabled for SIP on the
ProCurve Secure Router is UDP port 5060. If your application uses a different
port than you should open it with this command:
Syntax: ip firewall alg sip udp <port number>
If your RPT application uses unexpected ports, then the firewall may drop
return traffic. You should enable firewall traversal to allow all packets that are
part of an RTP session to pass through the firewall:
ProCurve(config)# ip rtp firewall-traversal
See Chapter 4: ProCurve Secure Router OS Firewall—Protecting the Inter-
nal, Trusted Network for more information on ALGs and firewall traversal.
Advertisement
Chapters
Table of Contents
Troubleshooting
