This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

VoIP Firewall: Difference between revisions

Explain the options when using NAT, as ALGs are notoriously error prone
(Give an example for several phones behind NAT)
[[File:Snom710.png|link=:Category:VoIP|Go to the VoIP Category]]
 
Allowing appropriate SIP and RTP packets through a firewall is the key to reliable VoIP communication. It may be possible to achieve reliability using SIP Keep-Alive packets (every 120 seconds or so) and relying on phones using UDP hole punching for the audio channel, but firewall rules are more certain to work.
 
This is what we suggest firewall-wise for VoIP customers:
Avoid using NAT where possible. If using NAT, the options are to tell the phone what its public IP address is (either by explicit configuration, or by specifying a STUN server to use - e.g. ''stun.aa.net.uk''), or to use a SIP Application Layer Gateway to rewrite SIP packets on the fly. Some NAT gateways provide an adequate SIP ALG (e.g. Technicolor TG582), and some devices provide NAT that works with the new call server (e.g. FireBrick FB2700 and many simple NAT routers). If NAT works, then well done, but if not we cannot guarantee to be able to make it work.
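
The check below is an added example, not part of the original page or of A&A's own tooling. It scans a SIP message, as seen on the public side of the NAT, for private addresses left in Via, Contact and the SDP o=/c= lines, which is what explicit configuration, STUN or an ALG has to correct. The INVITE is constructed, and the names `private_addresses` and `sample_invite` and the host `voip.example` are assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
ADDRESS_HEADERS = {"via", "v", "contact", "m"}   # long and compact header names
SDP_PREFIXES = ("o=", "c=")                      # SDP origin and connection lines
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def private_addresses(sip_message):
    """Return (field, address) pairs where Via, Contact or SDP o=/c= still
    carries an address that is not reachable from the public Internet."""
    head, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    fields = []
    for line in head.split("\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ADDRESS_HEADERS:
            fields.append((name.strip(), value))
    fields += [(l[:2], l[2:]) for l in body.split("\n") if l.startswith(SDP_PREFIXES)]
    findings = []
    for field, value in fields:
        for text in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:                   # not a valid dotted quad
                continue
            if any(addr in net for net in NON_PUBLIC):
                findings.append((field, text))
    return findings

def sample_invite(addr):
    # Constructed INVITE (not a capture); addr is the address the phone advertises.
    return ("INVITE sip:2000@voip.example SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {addr}:5060;branch=z9hG4bK776\r\n"
            "From: <sip:1000@voip.example>;tag=1\r\n"
            "To: <sip:2000@voip.example>\r\n"
            "Call-ID: constructed-1\r\nCSeq: 1 INVITE\r\n"
            f"Contact: <sip:1000@{addr}:5060>\r\n"
            "Content-Type: application/sdp\r\n\r\n"
            f"v=0\r\no=- 1 1 IN IP4 {addr}\r\ns=-\r\n"
            f"c=IN IP4 {addr}\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")

if __name__ == "__main__":
    for label, addr in (("LAN address", "192.168.1.20"), ("public address", "203.0.113.10")):
        print(label, private_addresses(sample_invite(addr)))
```

An empty result for a message captured outside the NAT means the signalling and the audio address both point at the public side; any finding in `c=` explains one-way or missing audio even when registration succeeds.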
 
{| class="wikitable"