Tip
Make sure there are no preceding rules already in the IP rule set disallowing or
allowing the same kind of traffic.
SIP Usage Scenarios
NetDefendOS supports a variety of SIP usage scenarios. The following three scenarios cover nearly
all possible types of usage:
•
Scenario 1
Protecting local clients - Proxy located on the Internet
The SIP session is between a client on the local, protected side of the D-Link Firewall and a
client which is on the external, unprotected side. The SIP proxy is located on the external,
unprotected side of the D-Link Firewall. Communication typically takes place across the public
Internet with clients on the internal, protected side registering with a proxy on the public,
unprotected side.
•
Scenario 2
Protecting proxy and local clients - Proxy on the same network as clients
The SIP session is between a client on the local, protected side of the D-Link Firewall and a
client which is on the external, unprotected side. The SIP proxy is located on the local, protected
side of the D-Link Firewall and can handle registrations from both clients located on the same
local network as well as clients on the external, unprotected side. Communication can take place
across the public Internet or between clients on the local network.
•
Scenario 3
Protecting proxy and local clients - Proxy on a DMZ interface
The SIP session is between a client on the local, protected side of the D-Link Firewall and a
client which is on the external, unprotected side. The SIP proxy is located on the DMZ interface
and is physically separated from the local client network as well as the remote client network
and proxy network.
All the above scenarios will also deal with the situation where two clients in a session reside on the
same network.
These scenarios will now be examined in detail.
Scenario 1
Protecting local clients - Proxy located on the Internet
The scenario assumed is an office with VoIP users on a private internal network where the network's
topology will be hidden using NAT. This is illustrated below.
6.2.7. The SIP ALG
Chapter 6. Security Mechanisms
219
Содержание 800 - DFL 800 - Security Appliance
Страница 24: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 24 ...
Страница 69: ...2 6 4 Restore to Factory Defaults Chapter 2 Management and Maintenance 69 ...
Страница 121: ...3 9 DNS Chapter 3 Fundamentals 121 ...
Страница 166: ...interfaces without an overriding IGMP Setting Default 1 000 4 6 4 Advanced IGMP Settings Chapter 4 Routing 166 ...
Страница 181: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 181 ...
Страница 192: ...5 5 IP Pools Chapter 5 DHCP Services 192 ...
Страница 282: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 282 ...
Страница 300: ...mechanism 7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 300 ...
Страница 301: ...7 3 7 SAT and FwdFast Rules Chapter 7 Address Translation 301 ...
Страница 303: ... Changed on a regular basis such as every three months 8 1 Overview Chapter 8 User Authentication 303 ...
Страница 318: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 318 ...
Страница 322: ...ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 322 ...
Страница 377: ...Management Interface Failure with VPN Chapter 9 VPN 377 ...
Страница 408: ...10 4 6 SLB_SAT Rules Chapter 10 Traffic Management 408 ...
Страница 419: ...11 5 HA Advanced Settings Chapter 11 High Availability 419 ...
Страница 426: ...12 3 5 Limitations Chapter 12 ZoneDefense 426 ...
Страница 449: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 449 ...