SIP Implementation in Internet Gate

The Internet Gate relays SIP traffic and keeps track of which ports should be used for NAT, enabling machines on different sides of a firewall to send and receive media streams just as if there were no firewall at all. It implements the SIP protocol as described in RFC 2543, including:

SIP user registration

For outgoing SIP requests, only a SIP proxy is needed. Incoming SIP requests, however, need some device that keeps track of the local users so that the request can be relayed to the right machine and user. This is particularly important when NAT is used, since no SIP registrar on the outside will know the IP addresses on the internal networks.

The Internet Gate manages user registrations, allowing the SIP module to keep track of where to send incoming session requests. It is also possible to restrict which users are allowed to register and/or from where they can register. You can also monitor which users are currently registered.

The integrated registrar can be the main registrar, or it can be a passive registrar that only monitors and stores information from registrations made at an outside registrar. In both cases, the registrar keeps the information required to locate users inside the firewall. Each registration has a timeout after which it is removed unless the client extends it.

SIP header rewriting for NAT addresses

The SIP proxy server in the Internet Gate handles the SIP-NAT combination by rewriting the SIP headers to give them the right IP addresses. This is possible because it is the firewall itself that provides the NAT addresses.

SIP request relaying

The Internet Gate relays SIP requests for a user through the firewall to the device (computer, telephone, etc.) from which the user has registered. In this way, other SIP users behind other interfaces of the firewall can contact the user. If no registration exists for a user, the firewall returns a SIP error message when someone tries to contact that user. The firewall rules are temporarily changed to let the media streams through.
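
The registration and relaying behaviour described above can be modelled in a few lines. This is an added example, not Internet Gate code: the `Registrar` class, its method names, the per-user network allow-list format and the sample addresses are all assumptions made for illustration.

```python
import ipaddress

class Registrar:
    """Toy model of the registrar behaviour described above (not vendor code)."""

    def __init__(self, allowed):
        # allowed (assumed format): {address-of-record: [CIDR networks it may register from]}
        self.allowed = {aor: [ipaddress.ip_network(n) for n in nets]
                        for aor, nets in allowed.items()}
        self.bindings = {}  # aor -> (contact "ip:port", absolute expiry time in seconds)

    def register(self, aor, contact, expires, now):
        """Create or refresh a binding; return True if the registration is accepted."""
        src = ipaddress.ip_address(contact.rsplit(":", 1)[0])
        nets = self.allowed.get(aor)
        if nets is None or not any(src in n for n in nets):
            return False  # user not allowed, or registering from a disallowed network
        if expires == 0:
            self.bindings.pop(aor, None)  # Expires: 0 removes the binding
        else:
            self.bindings[aor] = (contact, now + expires)  # a refresh extends the timeout
        return True

    def route(self, aor, now):
        """Return the internal contact for an incoming request, or None.

        None stands for "answer the caller with a SIP error message".
        """
        binding = self.bindings.get(aor)
        if binding is None:
            return None
        contact, expiry = binding
        if now >= expiry:
            del self.bindings[aor]  # timed out without the client extending it
            return None
        return contact

    def current_users(self, now):
        """Users with a live binding, as a monitoring view would list them."""
        return sorted(a for a in list(self.bindings) if self.route(a, now))
```

A request for a user whose binding has expired is treated exactly like one for a user who never registered, so stale internal addresses are never used as relay targets.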
The user can monitor which sessions are currently active.

A SIP session media stream can consist of many different MIME types. The clients agree on which MIME types they both understand and can handle. On top of this, the user can choose which MIME types the firewall should forward. Common MIME types like text/plain and text/html should probably be forwarded, but you can block types that you don't want to allow through. The user can also restrict the number of concurrent media streams for a session.

Users can choose whether to process SIP requests in the firewall or forward them to an external, outbound SIP proxy. This can be useful if you want the firewall to keep a registry of local users only, and forward (and NAT if needed) all requests for external users to the external proxy (which in turn probably forwards requests to other proxies).

SIP user authentication

SIP user authentication can be performed with Digest Access Authentication, as in HTTP. This is an authentication method that uses checksums, which means that the required Shared Secret is never sent in the clear. The Digest method used is auth, which allows for NAT as it does not use the IP addresses in the headers of the message as part of the checksum.

More information: Incoming SIP Requests, Outbound SIP Requests
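
The following added example (not Internet Gate code) computes the RFC 2617 digest for the auth method and, for contrast, for auth-int, which also hashes the message body. It goes slightly beyond the text above: the SDP body and the address rewrite applied to it are assumptions chosen to show why a checksum that covers rewritten content would break behind NAT, and all sample values are constructed.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri,
                    nonce, nc, cnonce, qop, body=""):
    """RFC 2617 request-digest for qop=auth or qop=auth-int."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # the shared secret only enters this hash
    ha2_input = f"{method}:{uri}"                # auth: method and request URI only
    if qop == "auth-int":
        ha2_input += ":" + md5_hex(body)         # auth-int additionally covers the body
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{md5_hex(ha2_input)}")

# Constructed sample values (assumptions, not taken from the page).
PRIVATE_IP, PUBLIC_IP = "192.168.0.10", "203.0.113.5"
SDP = ("v=0\r\no=alice 1 1 IN IP4 192.168.0.10\r\ns=-\r\n"
       "c=IN IP4 192.168.0.10\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
CREDS = dict(user="alice", realm="example.test", password="constructed-secret",
             method="INVITE", uri="sip:bob@example.test",
             nonce="constructed-nonce", nc="00000001", cnonce="0a4f113b")

def nat_rewrite(body):
    """Stand-in for the firewall's rewriting: private address -> NAT address."""
    return body.replace(PRIVATE_IP, PUBLIC_IP)

def survives_nat(qop):
    """True if the digest the client sent still verifies after NAT rewriting."""
    sent = digest_response(qop=qop, body=SDP, **CREDS)
    recomputed = digest_response(qop=qop, body=nat_rewrite(SDP), **CREDS)
    return hmac.compare_digest(sent, recomputed)  # constant-time comparison
```

With these inputs `survives_nat("auth")` is true and `survives_nat("auth-int")` is false, because only the second digest depends on content the firewall changed.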