Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sip aware firewalls as SIP Proxy

Status
Not open for further replies.
danramirez

danramirez

Programmer
Oct 25, 2009
1,134
0
36
ES
Hi Guys,

when we connect SIP trunks to the 3300 we always do it by using the MBG as a SIP proxy, this way we don't have that much headaches with SIP.

This weekend I was reading this from the Eng. Guidelines:

The 3300 ICP supports integration with SIP Firewalls. Mitel recommends that a SIP aware
Firewall be configured as the Outbound Proxy through the Network Elements form. Then the
SIP Peer Profiles can reference the Outbound Proxy Server and route all signaling via the
Firewall.

The ingate SIP Firewall is interoperable with the 3300 ICP based SIP solution. You can obtain
the Ingate product documentation at w.ingate_com. The Mitel SIP firewall product is the
MBG. Information is available on Mitel OnLine.

The question is: have any of you ever use a sip aware firewall as a sip proxy? Do one need to do any programing on the firewall? Is the programming on the 3300 the same as if we had the MBG (Network element and then include it in the Sip peer?

Regards,

Daniel

 
Sort by date Sort by votes
I have used the Ingate firewall and there is considerable programming. The programming on the 3300 is the same.
 
Upvote 0 Downvote
Never used one myself. Think SIP aware means a firewall that understands messaging and can pass it without issue once it has been configured.

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
 
Upvote 0 Downvote
Most of my SIP/3300 installs have direct SIP Peer connection to carrier (Windstream/Paetec); The carrier providing and programming any routers & firewalls involved.
 
Upvote 0 Downvote
We have used SIP aware routers. The general issue is the SIP carrier will need a specific IP in the SIP header (more than likely the IP the SIP service authenticates with), however with some non SIP aware firewalls the internal IP of the handset / device making the call may be sent in the header and therefore the SIP carrier just drops the packets and the call fails.
As you say MBG gets around this, we have used some Cisco and Juniper firewalls to overcome, however this has been problematic.
We generally recommend the use of MBG however if the customer has a SIP aware firewall inplace and they are able to open the required ports and create the required NAT rules this is of course a cost saving as you dont need MBG, licences etc

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sadic
  • Question
no outgoing via sip trunk
Replies
5
Views
179
SXWizard
SXWizard
Tinos
  • Question
MIVB SIP Trunk to Provider 3
Replies
4
Views
584
Tinos
Tinos
W
  • Question
How do you block specific numbers SIP trunk?
Replies
2
Views
295
jerdog101
jerdog101
MarvinJK
  • Locked
  • Question
Incoming calls via SIP trunk on Auto-Attendant
Replies
11
Views
195
MarvinJK
MarvinJK
Johnniehec
  • Locked
  • Question
SIP Trunk ARS
Replies
7
Views
106
Johnniehec
Johnniehec

Part and Inventory Search

Sponsor

Back
Top