D-Link DFL-260E User Manual for DFL-260E - Page 295
SIP Usage Scenarios, Scenario 1, Protecting local clients - Proxy located on the Internet
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 295 highlights
6.2.8. The SIP ALG Chapter 6. Security Mechanisms SIP Usage Scenarios NetDefendOS supports a variety of SIP usage scenarios. The following three scenarios cover nearly all possible types of usage: • Scenario 1 Protecting local clients - Proxy located on the Internet The SIP session is between a client on the local, protected side of the NetDefend Firewall and a client which is on the external, unprotected side. The SIP proxy is located on the external, unprotected side of the NetDefend Firewall. Communication typically takes place across the public Internet with clients on the internal, protected side registering with a proxy on the public, unprotected side. • Scenario 2 Protecting proxy and local clients - Proxy on the same network as clients The SIP session is between a client on the local, protected side of the NetDefend Firewall and a client which is on the external, unprotected side. The SIP proxy is located on the local, protected side of the NetDefend Firewall and can handle registrations from both clients located on the same local network as well as clients on the external, unprotected side. Communication can take place across the public Internet or between clients on the local network. • Scenario 3 Protecting proxy and local clients - Proxy on a DMZ interface The SIP session is between a client on the local, protected side of the NetDefend Firewall and a client which is on the external, unprotected side. The SIP proxy is located on the DMZ interface and is physically separated from the local client network as well as the remote client network and proxy network. All the above scenarios will also deal with the situation where two clients in a session reside on the same network. These scenarios will now be examined in detail. Scenario 1 Protecting local clients - Proxy located on the Internet The scenario assumed is an office with VoIP users on a private internal network where the network's topology will be hidden using NAT. This is illustrated below. 295