4 Knowledge Base

 

 TelecomTrainning.net > Knowledge Base
 Viewing KB Article
Good Evening, - Please register or - log-in to your account.
Search
Search   Saved Questions   Ask a question
Keywords 
 
Available categories
LTE
100 of Questions in LTE
CCNA Certification
CCNA Sample Q & A (1000 + Q &A)
(Network +) Certification
(Network +) Sample Q & A (1000 + Q &A)
Networking
General/Interview Q& A on Networking
Home Networking
General/Interview Q& A on Networking
VOIP, SIP & Asterisk
Q & A on VOIP,Ethereal, SIP & Asterisk
Telecom Test Equipments
Q & A on Telecom Test Equipment
PSTN / Wireline
General / Interview Q & A on PSTN / Wireline
LTE, Wireless, 3G ,Diameter and HSS
General/Interview Q & A on LTE, Wireless, 3G ,Diameter and HSS
Telecom General
Any Q & A in Telecom in General

Top Questions
Friends, Describe Secure storage and distribution of A-Keys?
what is the difference between E1 signal & Ethernet signal ?
How do I monitor SS7 Traffic in spectra2?
Can you tell me about PBGT?
Explain me the difference between a repeater, bridge and router? Relate this to the OSI model.
What is the difference between BRI & PRI ?
Guys what is the purpose of Umbrella Cell Approach in GSM ?
how can we explain media gateway in MSc?
What is GGSN?
What is the difference between Electrical-tilt and Mechanical-tilt of an antenna?
What is BSC?
What is demarc point?
Can any one explain me how sms flow will work using ss7 network ?( from physical layer to application layer)
why cellphone towers are painted in red and white?
Explain SLTA and SLTM messages in MTP3?
Hi guys what is WAP?
wat is the difference betweem MSC & GMSC, & MSS & GCS?
what is EDAp? what is the functions of EDAP?
What is a circuit id?
what is sdh?

Where Firewalls and NATS affect SIP?
michaeldavid23 21-July-2008 12:16:45 PM

Comments


www.cs.columbia.edu/sip/drafts/Ther0005_SIP.pdf
Posted by saqlain231


4.7. Firewalls and NAT

Firewalls and Network Address Translation (NAT) affect IP telephony signaling protocols, making it impossible to call targets outside the private or protected network. While often firewalls and NATs go hand in hand, they impose two different problems which shall be described here.

Firewalls and IP telephony

Both SIP and H.323 calls use a number of different ports, out of which only the signaling ports are well defined - TCP port 1720 for H.323 and TCP port 5060 (early versions of SIP used 5060 UDP as well). To be able to place and receive calls to/from outside the protected network opening these ports is a minimal requirement.

After signaling has started, further channels are required. H.323 often uses a separate TCP connection for capability exchange (H.245), which uses dynamically assigned port numbers. Likewise the RTP media stream uses dynamically assigned port numbers on each side. The only restriction that applies to these ports is that they are in the port range > 1023.

As a result, a firewall protected IP telephony zone needs either a firewall that does not protect ports > 1023 or a firewall that is IP telephony aware - meaning that it monitors all SIP and H.323 messages in order to open and close the required ports on the fly. A third alternative is to deploy an H.323 or SIP proxy outside the protected zone protected by the firewall, perhaps in a DMZ, and configure the firewall to allow communication of endpoints only with this proxy. This is a mid-level security approach, as it permits the relatively safe communication between protected endpoints and a trusted proxy server outside the firewall.
Posted by sagitraz



Posted by caroline

Q&A Rating

Q&A Rating
Rate This Question and Answer

Related Questions
Explain End-to-end and Hop-by-hop Headers?
 
What are main function of SIP Signaling Protocols?
 
write the same standard IP access list as a named access list.???


Search questions via popularity
Top viewed questions  Top emailed questions  Most printed questions  Most saved questions
 
Copyright © Telecom Training, All Rights Reserved