NAT Typ | |
Firewall | Servicebasiert / Portbasiert |
VoIP Unterstützung | transparentes SIP Rewrite |
QoS / ToS | |
VPN Unterstützung | |
Routing Protokolle | |
Doku
VoIP Konfigurationsanleitung für SonicOS
Voip Unterstützung
Enable SIP Transformations - Select this option to transform SIP messaging from LAN (trusted to WAN (untrusted). You need to check this setting when you want the SonicWALL to do the SIP transformation. If your SIP proxy is located on the public (WAN) side of the SonicWALL and SIP clients are on the LAN side, the SIP clients by default embed/use their private IP address in the SIP/Session Definition Protocol (SDP) that are sent to the SIP proxy, hense these messages are not changed and the SIP proxy does not know how to get back to the client behind the SonicWALL. Selecting Enable SIP Transformations enables the SonicWALL to go through each SIP message and change the private IP address and assigned port. The Enable SIP Transformation also controls and opens up the RTP/RTCP ports that need to be opened for the SIP session calls to happen. NAT translates Layer 3 addresses but not the Layer 5 SIP/SDP addresses, which is why you need to select Enable SIP Transformations to transform the SIP messages. It's recommended that you turn on Enable SIP Transformations unless there is another NAT traversal solution that requires this feature to be turned off. SIP Transformations works in bi-directional mode and it transforms messages going from LAN to WAN and vice versa.
Achtung: bei älteren Firmware-Ständen treten Probleme auf, dass die "Consistent NAT"-Regel nicht zuverlässig greift.
Unbedingt auf aktuellen Firmware-Stand >= 5.6.5.1-33o updaten!!!
Beispiel-Konfiguration:
Firewall LAN to WAN:
TCP Connection Inactivity Timeout: 15 Minutes
UDP Connection Inactivity Timeout: 120 Seconds
VoIP Settings:
Enable: Consistent NAT
Enable: SIP Transformations
Disable: Permit non-SIP packets on signaling port
Enable: Enable SIP Back-to-Back User Agent (B2BUA) Support
SIP Signaling inactivity time out: 1800 seconds
SIP Media inactivity time out: 120 seconds
Additional SIP signaling port (UDP) for transformations (optional): 0
CODE
Wenn Probleme auftreten, muss evtl. eine eingehende Access Regel eingetragen werden, die auch eingehenden SIP Traffic erlaubt.