SonicWALL 2.5 User Manual

SonicWALL SonicOS 2.5 Enhanced Administrator's Guide
Firewall > VoIP
SIP Settings
This section provides configuration tasks for SIP Settings.
• Enable SIP Transformations - This setting transforms SIP messages between LAN (trusted) and 
WAN/DMZ (untrusted). Select this setting when you want the SonicWALL to perform the 
SIP transformation. If your SIP proxy is located on the public (WAN) side of the SonicWALL and 
SIP clients are on the LAN side, the SIP clients by default embed their private IP address in 
the SIP/Session Description Protocol (SDP) messages that are sent to the SIP proxy. Without 
transformation these messages are not changed, and the SIP proxy does not know how to get back 
to the client behind the SonicWALL. Selecting Enable SIP Transformations enables the SonicWALL 
to go through each SIP message and change the private IP address and assigned port. Enable SIP 
Transformations also controls and opens up the RTP/RTCP ports that need to be opened for the 
SIP session calls to happen. NAT translates Layer 3 addresses but not the Layer 7 SIP/SDP 
addresses, which is why you need to select Enable SIP Transformations to transform the SIP 
messages. It is recommended that you turn on Enable SIP Transformations unless there is 
another NAT traversal solution that requires this feature to be turned off. SIP Transformations 
works bi-directionally: it transforms messages going from LAN to WAN and vice versa.
• Permit non-SIP packets on signaling port - This checkbox is disabled by default. Select this 
checkbox for enabling applications such as Apple iChat. Enabling this checkbox may open your 
network to malicious attacks caused by malformed or invalid SIP traffic.
• SIP Signaling inactivity time out (seconds) - This field has a default value of 1200 seconds 
(20 minutes). 
• SIP Media inactivity time out (seconds) - This field has a default value of 120 seconds 
(2 minutes).
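The following is an added example, not SonicWALL code, showing the kind of Layer 7 rewrite that Enable SIP Transformations describes: the LAN address and ports in the SIP headers and SDP body are replaced, Content-Length is recomputed, and the RTP/RTCP pinholes to open are returned. The INVITE, the addresses, the port mappings and the function name transform_outbound are all constructed for illustration, and RTCP is assumed to use the RTP port plus one.

```python
import re

# Constructed sample: INVITE from a LAN phone that embeds its private address.
SDP = ("v=0\r\no=alice 1 1 IN IP4 192.168.1.20\r\ns=-\r\n"
       "c=IN IP4 192.168.1.20\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776\r\n"
          "Contact: <sip:alice@192.168.1.20:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

MEDIA_IDLE_TIMEOUT = 120  # seconds, the page's default media inactivity timeout

def transform_outbound(msg, lan_ip, wan_ip, sig_ports, rtp_ports):
    """Rewrite LAN address/ports in SIP headers and SDP; return (message, pinholes)."""
    # Match the exact LAN address (not 192.168.1.200) plus an optional :port.
    pat = re.compile(r"(?<![\d.])" + re.escape(lan_ip) + r"(?![\d.])(?::(\d+))?")

    def public(m):
        if m.group(1) is None:
            return wan_ip
        port = int(m.group(1))
        return f"{wan_ip}:{sig_ports.get(port, port)}"

    head, _, body = msg.partition("\r\n\r\n")
    head = pat.sub(public, head)              # Via, Contact, ...
    pinholes, out = [], []
    for line in body.split("\r\n"):
        media = re.match(r"m=(\w+) (\d+) (.*)", line)
        if media:                             # media port: map it, open RTP + RTCP
            lan_port = int(media.group(2))
            wan_port = rtp_ports[lan_port]
            line = f"m={media.group(1)} {wan_port} {media.group(3)}"
            # Assumption: RTCP uses RTP port + 1, the usual convention.
            for proto, off in (("RTP", 0), ("RTCP", 1)):
                pinholes.append({"proto": proto, "wan_port": wan_port + off,
                                 "to": (lan_ip, lan_port + off),
                                 "idle_timeout": MEDIA_IDLE_TIMEOUT})
        elif line.startswith(("o=", "c=")):   # origin and connection addresses
            line = pat.sub(public, line)
        out.append(line)
    body = "\r\n".join(out)
    # The body length changed, so Content-Length must be recomputed.
    head = re.sub(r"(?im)^(Content-Length:\s*)\d+",
                  lambda m: m.group(1) + str(len(body.encode())), head)
    return head + "\r\n\r\n" + body, pinholes

if __name__ == "__main__":
    new_msg, holes = transform_outbound(INVITE, "192.168.1.20", "203.0.113.7",
                                        {5060: 15060}, {49170: 20000})
    print(new_msg, holes, sep="\n")
```

Plain Layer 3 NAT would leave every 192.168.1.20 in this message intact, which is the failure the setting is meant to prevent.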
H.323 Settings
This section provides configuration tasks for H.323 Settings.
• Enable H.323 Transformation - Select this option to allow stateful H.323 protocol-aware packet 
content inspection and modification by the SonicWALL. The SonicWALL performs any dynamic IP 
address and transport port mapping within the H.323 packets, which is necessary for 
communication between H.323 parties in trusted and untrusted networks/zones. Clear the Enable 
H.323 Transformation checkbox to bypass the H.323-specific processing performed by the SonicWALL.
• Only accept incoming calls from Gatekeeper - Select this checkbox to ensure all incoming calls 
go through the Gatekeeper for authentication. The Gatekeeper will refuse calls that fail 
authentication. 
• Enable LDAP ILS Support - LDAP stands for Lightweight Directory Access Protocol, a standard 
protocol for accessing information in a directory. ILS stands for Internet Locator Service, an LDAP 
service that enables Microsoft NetMeeting users to locate and connect to users for conferencing 
and collaboration over the Internet.