ZyXEL Communications 1000 User Manual

 Chapter 21 ALG
ZyWALL USG 1000 User’s Guide
• There should be only one SIP server (total) on the ZyWALL’s private networks. 
Any other SIP servers must be on the WAN. For example, you could have a 
Back-to-Back User Agent such as the IPPBX x6004 or an Asterisk PBX on the 
DMZ or on the LAN but not on both. 
• Using the SIP ALG allows you to use bandwidth management on SIP traffic.
• The SIP ALG handles SIP calls that go through NAT or that the ZyWALL routes. 
You can also make other SIP calls that do not go through NAT or routing. 
Examples would be calls between LAN IP addresses that are on the same 
subnet.
• The SIP ALG supports peer-to-peer SIP calls. The firewall (by default) allows 
peer-to-peer calls from the LAN zone to go to the WAN zone and blocks 
peer-to-peer calls from the WAN zone to the LAN zone.
• The SIP ALG allows UDP packets with a specified port destination to pass 
through.
• The ZyWALL allows SIP audio connections.
• You do not need to use TURN (Traversal Using Relay NAT) for VoIP devices 
behind the ZyWALL when you enable the SIP ALG.
• Configuring the SIP ALG to use custom port numbers for SIP traffic also 
configures the application patrol (see 
) to use the same 
port numbers for SIP traffic. Likewise, configuring the application patrol to use 
custom port numbers for SIP traffic also configures SIP ALG to use the same 
port numbers for SIP traffic. 
Peer-to-Peer Calls and the ZyWALL
The ZyWALL ALG can allow peer-to-peer VoIP calls for both H.323 and SIP. You 
must configure the firewall and NAT (port forwarding) to allow incoming (peer-to-
peer) calls from the WAN to a private IP address on the LAN (or DMZ). 
VoIP Calls from the WAN with Multiple Outgoing Calls
When you configure the firewall and NAT (port forwarding) to allow calls from the 
WAN to a specific IP address on the LAN, you can also use policy routing to have 
H.323 (or SIP) calls from other LAN or DMZ IP addresses go out through a 
different WAN IP address. The policy routing lets the ZyWALL correctly forward the 
return traffic for the calls initiated from the LAN IP addresses. 
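
A small model of the setup this section describes, for reviewing which LAN hosts are reachable for calls from the WAN and which WAN address each host calls out through. It is an added example, not ZyXEL code or ZyWALL configuration syntax; the addresses, the class and function names, the first-match route order and the mismatch warning are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample addresses (documentation ranges), not from the manual.
WAN1, WAN2 = "203.0.113.1", "203.0.113.2"
A, B, C = "192.168.1.33", "192.168.1.34", "192.168.1.35"

@dataclass(frozen=True)
class PortForward:       # NAT entry: calls arriving on wan_ip go to lan_ip
    wan_ip: str
    lan_ip: str

@dataclass(frozen=True)
class PolicyRoute:       # calls from `source` leave through wan_ip
    source: str          # single host or CIDR range
    wan_ip: str

def outbound_wan(host, routes):
    """Return the WAN IP of the first matching route (assumed first-match order)."""
    addr = ipaddress.ip_address(host)
    for route in routes:
        if addr in ipaddress.ip_network(route.source, strict=False):
            return route.wan_ip
    return None          # no policy route: traffic follows the default route

def audit(hosts, forwards, routes):
    """Per host: WAN IPs accepting inbound calls, outbound WAN IP, review notes."""
    report = {}
    for host in hosts:
        inbound = sorted(f.wan_ip for f in forwards if f.lan_ip == host)
        out = outbound_wan(host, routes)
        notes = []
        if out is None:
            notes.append("no policy route: calls leave by the default route")
        if inbound and out not in inbound:
            # Assumption: the manual's example pairs both directions on one WAN IP.
            notes.append("inbound and outbound WAN IP differ")
        report[host] = {"inbound": inbound, "outbound": out, "notes": notes}
    return report

# Host A receives calls on WAN1 and calls out on WAN1; B and C call out on WAN2.
FORWARDS = [PortForward(WAN1, A)]
ROUTES = [PolicyRoute(A, WAN1), PolicyRoute("192.168.1.34/31", WAN2)]
REPORT = audit([A, B, C], FORWARDS, ROUTES)
```

Hosts with an empty `inbound` list have no port forward, so calls from the WAN to them stay blocked by the default firewall behaviour described earlier.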
For example, you configure the firewall and NAT to allow LAN IP address A to 
receive calls from the Internet through WAN IP address 1. You also use a policy 
route to have LAN IP address A make calls out through WAN IP address 1. 
Configure another policy route to have H.323 (or SIP) calls from LAN IP addresses 
B and C go out through WAN IP address 2. Even though only LAN IP address