[Asterisk-Users] OT: SIP aware firewalls?
Leo Ann Boon
leo at datvoiz.com
Fri Jan 6 18:36:41 MST 2006
Chris Bagnall wrote:
>>I know that I can stay with m0n0. The question still stands;
>>are there circumstances when something more is required?
>>Would something be gained by such a migration.
>>
>>
>
>I would think the only real circumstances where true SIP-aware firewalls
>would be required would be in an environment where one had many SIP devices
>behind a NAT (and by many I mean more than it's reasonably practical to
>assign different port numbers to).
>
>I'm no expert on firewalls, so hopefully someone'll correct me if I'm
>mistaken.
>
>
You want a router with outbound proxy when you have many devices behind
nat. The outbound proxy will take care of the RTP port mapping and also
be smart eoungh to ensure that RTP packets between proxied endpoints
don't leave the LAN. Some outbound proxies can act as a registrar to
allow local endpoints to call each other even when there's no connection
to the default registrar. Take a look at the Thomson Speedtouch 610 DSL
router/firewall with SIP http://www.speedtouchdsl.com/pdf%5Cdatasheet610.pdf
More information about the asterisk-users
mailing list