![]() Connections are - Specify whether connections are Allowed, Denied, or Denied (send reset) and define who appears in the From and To list (on the Policy tab of the proxy definition).You can use the settings on this tab to set logging, notification, automatic blocking, and timeout preferences. The Settings tab also shows the port and protocol for the policy, as well as an optional description of the policy. On the Settings tab, you can set basic information about a proxy policy, such as whether it allows or denies traffic, create access rules for a policy, or configure static NAT or server load balancing. You must disable NAT on your VoIP devices if you configure an H.323 or SIP ALG.įor more information on how to add a proxy to your configuration, see Add a Proxy Policy to Your Configuration. The H.323 and SIP ALGs also perform this function. Many VoIP devices and servers use NAT (Network Address Translation) to open and close ports automatically. Generates log messages for auditing purposes.Makes sure that VoIP connections use standard H.323 protocols.Opens the ports necessary to make and receive calls, and to exchange audio and video media.This can help you to troubleshoot any problems. We recommend you make sure that VoIP connections work successfully before you add an H.323 or SIP ALG. Other solutions require you to set up and maintain a gatekeeper on your network.Ĭoordination of the many components of a VoIP installation can be a difficult task. For example, some VoIP providers host a gatekeeper on their network that you must connect to before you can place a VoIP call. A gatekeeper manages VoIP calls for a group of users, and can be located on a network protected by your Firebox or at an external location. With H.323, the key component of call management is known as a gatekeeper. The call management system can be self-hosted, or hosted by a third-party service provider. ![]() In a peer-to-peer connection, each of the two devices knows the IP address of the other device and connects to the other directly, without the use of a proxy server to route their calls.Ĭonnections managed by a call management system (PBX). It is important to understand that you usually implement VoIP by using either: To determine which ALG to add, consult the documentation for your VoIP devices or applications. You can use both H.323 and SIP ALGs at the same time, if necessary. H.323 is commonly used on videoconferencing equipment. These ALGs have been created to work in a NAT environment to maintain security for privately addressed conferencing equipment protected by your Firebox. An ALG is created in the same way as a proxy policy and offers similar configuration options. Various other trademarks are held by their respective owners.If you use Voice-over-IP (VoIP) in your organization, you can add an H.323 or SIP (Session Initiation Protocol) ALG (Application Layer Gateway) to open the ports necessary to enable VoIP through your Firebox. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. If you do not want to log connections made by a user with an access level exception, clear the Log check box adjacent to the exception. To delete an exception, select it in the list and click Remove.Ĭonnections made by users who have an access level exception are logged by default. These settings apply only to SIP VoIP traffic. ![]() You can select whether to allow users to Start calls only, Receive calls only, Start and receive calls, or give them No VoIP access. įrom the Access Level drop-down list, select an access level and click Add. This is usually a SIP address in the format such as. To create an exception to the default settings you specified, type the Address of Record (the address that shows up in the TO and FROM headers of the packet) for the exception. To create a log message for each SIP VoIP connection that is started or received, select the adjacent Log check box. To allow all VoIP users to receive calls by default, select the Receive VoIP calls check box. To allow all VoIP users to start calls by default, select the Start VoIP calls check box. When enabled, the SIP-ALG allows or restricts calls based on the options you set. To enable the access control feature, select this check box. SIP-ALG Action access control configuration in Policy Manager SIP-ALG Action access control configuration in Fireware Web UI In the SIP-ALG Action Access Control configuration, you can create a list of users who are allowed to send VoIP network traffic.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |