D-Link DFL-260-IPS-12 Product Manual - Page 268
SIP Usage Scenarios, Scenario 1, Protecting local clients - Proxy located on the Internet
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 268 highlights
6.2.8. The SIP ALG Chapter 6. Security Mechanisms (sometimes described as SIP pinholes) for allowing the media data traffic to flow through the NetDefend Firewall. Tip Make sure there are no preceding rules already in the IP rule set disallowing or allowing the same kind of traffic. SIP Usage Scenarios NetDefendOS supports a variety of SIP usage scenarios. The following three scenarios cover nearly all possible types of usage: • Scenario 1 Protecting local clients - Proxy located on the Internet The SIP session is between a client on the local, protected side of the NetDefend Firewall and a client which is on the external, unprotected side. The SIP proxy is located on the external, unprotected side of the NetDefend Firewall. Communication typically takes place across the public Internet with clients on the internal, protected side registering with a proxy on the public, unprotected side. • Scenario 2 Protecting proxy and local clients - Proxy on the same network as clients The SIP session is between a client on the local, protected side of the NetDefend Firewall and a client which is on the external, unprotected side. The SIP proxy is located on the local, protected side of the NetDefend Firewall and can handle registrations from both clients located on the same local network as well as clients on the external, unprotected side. Communication can take place across the public Internet or between clients on the local network. • Scenario 3 Protecting proxy and local clients - Proxy on a DMZ interface The SIP session is between a client on the local, protected side of the NetDefend Firewall and a client which is on the external, unprotected side. The SIP proxy is located on the DMZ interface and is physically separated from the local client network as well as the remote client network and proxy network. All the above scenarios will also deal with the situation where two clients in a session reside on the same network. These scenarios will now be examined in detail. Scenario 1 Protecting local clients - Proxy located on the Internet The scenario assumed is an office with VoIP users on a private internal network where the network's topology will be hidden using NAT. This is illustrated below. 268