D-Link DFL-260E User Manual for DFL-260E - Page 299
Scenario 3, Protecting proxy and local clients - Proxy on the DMZ interface, 2.8. The SIP ALG
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 299 highlights
6.2.8. The SIP ALG Chapter 6. Security Mechanisms Proxy&Clients InboundTo Proxy&Clients Action Allow Src Interface wan Src Network (ip_proxy) all-nets Dest Interface Dest Network lan lannet (ip_proxy) If Record-Route is enabled then the networks in the above rules can be further restricted by using "(ip_proxy)" as indicated. Scenario 3 Protecting proxy and local clients - Proxy on the DMZ interface This scenario is similar to the previous but the major difference is the location of the local SIP proxy server. The server is placed on a separate interface and network to the local clients. This setup adds an extra layer of security since the initial SIP traffic is never exchanged directly between a remote endpoint and the local, protected clients. The complexity is increased in this scenario since SIP messages flow across three interfaces: the receiving interface from the call initiator, the DMZ interface towards the proxy and the destination interface towards the call terminator. This the initial messages exchanges that take place when a call is setup in this scenario are illustrated below: 299