snom technology AG • 37
[
S N O M
4 S N A T F
I L T E R
]
allocated for the number of calls that you wish to route through the NAT
Filter. This is a setting you may have to coordinate with your firewall.
4.3.5 Media Relay
If you set the
Always Relay
flag, the filter will always relay
media via the filter and will not allow bypassing it by ICE contacts. That
means it will remove ICE contacts from the SDP and not insert an addi-
tional address for itself. This flag is useful when you want to make sure
that all media flows through the filter, e.g. for measurement purposes or
because you want to be able to record all calls. However, it will not be pos-
sible to do local media path optimization if you turn this flag on.
4.3.6 Controlling Routing
The
Loose Routing
flag influences the way the NAT Filter inserts
routing headers into SIP packets. Loose routing is the routing mechanism
proposed in the latest SIP document; however there are devices which
are not able to deal properly with these routing headers (the new stan-
dard is not backward compatible with the old standard).
The
Hide Routing
flag will replace route sets with a unique route
index when requests or responses are sent to a registered user agent.
Via headers are also replaced with one Via header. This feature has sev-
eral advantages. First of all, it will reduce the packet size significantly,
especially when your core network uses several proxies or when it loops
requests through the proxy several times. Usually, UDP packets will have
a size significantly below the MTU size of 1492 bytes for Ethernet. This is
a tremendous advantage that solves many problems with equipment that
does not support UDP fragmentation.
Secondly, it hides important information about your network to-
pology from the user agents. For example, when you are terminating calls
with a PSTN gateway, the users are not able to see the IP address of the
PSTN gateway in the routing path (if you turn “always relay” on, this ad-
dress will also not occur in the SDP). Users will only “see” the filter as the
only window to the outside world. This makes attacks much more difficult.
It is much easier to protect only the filter against attacks than your whole
SIP network.
The third big advantage is that it solves many problems with
poor SIP implementations. Typically, immature SIP implementations can-
4.
Содержание 4S NAT Filter
Страница 1: ...snom 4S NAT Filter Admin Manual snom 4S NAT Filter Version 2 09...
Страница 24: ...24 Architecture S N O M 4 S N A T F I L T E R 2...
Страница 32: ...32 Installation S N O M 4 S N A T F I L T E R 3...
Страница 55: ......