VoIP Firewall: Difference between revisions

(→‎NAT: fix brackets)
m No edit summary
[[File:Snom710.png|link=:Category:VoIP|Go to the VoIP Category]]
 
=== If you are not using public IP addresses (ie NAT): ===
Allowing appropriate SIP and RTP packets through a firewall is the key to reliable VoIP communication. It may be possible to achieve reliability using SIP Keep-Alive packets (every 120 seconds or so) and relying on phones using UDP hole punching for the audio channel, but firewall rules are more certain to work.
 
If your phone on private IP addresses (eg 192.168.x.x, 10.x.x.x) then you won't need to set up the firewall as you're not using pubic IP addresses.
This is what we suggest firewall-wise for VoIP customers:
 
Avoid using NAT where possible. If using NAT, the options are to tell the phone what its public IP address is (either by explicit configuration, or by specifying a STUN server to use - e.g. ''stun.aa.net.uk''), or to use a SIP Application Layer Gateway to rewrite SIP packets on the fly. Some NAT gateways provide an adequate SIP ALG (e.g. Technicolor TG582), and some devices provide NAT that works with the new call server (e.g. FireBrick FB2700FB2900 and many simple NAT routers). If NAT works, then well done, but if not we cannot guarantee to be able to make it work.
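Review bot: The sentence "If your phone on private IP addresses ... you're not using pubic IP addresses" under the NAT heading is missing "is" after "phone" and misspells "public". It also says no firewall setup is needed, while the paragraphs shown alongside it in this region still describe firewall rules, STUN and SIP ALG handling for NAT, so the section should state which of these a NAT user actually has to do. In the "Avoid using NAT" paragraph, "FB2700FB2900" has lost its separator; write the model names apart.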
 
=== If you are using public IP addresses: ===
 
Allowing appropriate SIP and RTP packets through a firewall is the key to reliable VoIP communication. It may be possible to achieve reliability using SIP Keep-Alive packets (every 120 seconds or so) and relying on phones using UDP hole punching for the audio channel, but firewall rules are more certain to work.
 
This is what we suggest firewall-wise for VoIP customers: who have SIP devices (phones/PABXs etc) on public IP addresses.
Avoid using NAT where possible. If using NAT, the options are to tell the phone what its public IP address is (either by explicit configuration, or by specifying a STUN server to use - e.g. ''stun.aa.net.uk''), or to use a SIP Application Layer Gateway to rewrite SIP packets on the fly. Some NAT gateways provide an adequate SIP ALG (e.g. Technicolor TG582), and some devices provide NAT that works with the new call server (e.g. FireBrick FB2700 and many simple NAT routers). If NAT works, then well done, but if not we cannot guarantee to be able to make it work.
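Review bot: In "This is what we suggest firewall-wise for VoIP customers: who have SIP devices (phones/PABXs etc) on public IP addresses." the colon has been left mid-sentence; drop it, or end the sentence with a colon if it is meant to introduce the table that follows. The "Avoid using NAT where possible" paragraph and the "Allowing appropriate SIP and RTP packets" paragraph each appear in both the NAT region and this public-IP region; the STUN and SIP ALG advice reads as NAT guidance, so consider keeping it once, under the NAT heading, and leaving only the firewall-rule guidance here.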
 
{| class="wikitable"