INDEX   TOC
Introduction
Product Overview
Settings and Administration
ADSL
  ADSL Overview
  Modem Operations
  The Splitter
SIP Support
Security
Firewall Administration
Troubleshooting

Outbound SIP Requests

This is what does for outbound SIP requests:

1. Catch any packet on port 5060 bound to or through the firewall.
2. Inspect the headers and the body of the packet.
3. Many headers, such as the Via header and the routing headers, will contain the IP address of the sender. Since the firewall uses NAT, this information will have to be rewritten as the packet is passing through the firewall.
4. The body will probably contain SDP information about which media streams the sender wishes to receive, and which IP address and ports it wants to use for this. Some of this information will be stored in the firewall, depending on the characteristics of the SIP request (stateful transaction).
5. Allocate ports on one of the firewall's outside IP addresses. The firewall has a set of ports dedicated for SIP traffic. Replace all IP information in the headers and body with this IP address and port.
6. It will also replace the Via header of the client with one containing information about the firewall itself.
7. Forward the packet.
8. If an external SIP proxy is defined, the packet will be sent to this address.
9. If no external SIP proxy is defined, the Intertex Firewall will try to locate a SIP server for the receiver by asking in DNS for SRV and/or A records for the SIP server. The packet will then be sent to this SIP server.
10. If this fails, the firewall will try to resolve the domain itself in DNS and send the packet there. If the domain cannot be resolved, an error is reported to the client.
11. Set up a firewall rule to let the media stream through.
12. Intercept all following packets for this media stream and rewrite the IP headers.
13. Remove the firewall rule when the session is terminated.