Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sip aware firewalls as SIP Proxy

Status
Not open for further replies.

danramirez

Programmer
Oct 25, 2009
1,136
ES
Hi Guys,

when we connect SIP trunks to the 3300 we always do it by using the MBG as a SIP proxy, this way we don't have that much headaches with SIP.

This weekend I was reading this from the Eng. Guidelines:

The 3300 ICP supports integration with SIP Firewalls. Mitel recommends that a SIP aware
Firewall be configured as the Outbound Proxy through the Network Elements form. Then the
SIP Peer Profiles can reference the Outbound Proxy Server and route all signaling via the
Firewall.

The ingate SIP Firewall is interoperable with the 3300 ICP based SIP solution. You can obtain
the Ingate product documentation at w.ingate_com. The Mitel SIP firewall product is the
MBG. Information is available on Mitel OnLine.

The question is: have any of you ever use a sip aware firewall as a sip proxy? Do one need to do any programing on the firewall? Is the programming on the 3300 the same as if we had the MBG (Network element and then include it in the Sip peer?

Regards,

Daniel

 
I have used the Ingate firewall and there is considerable programming. The programming on the 3300 is the same.
 
Never used one myself. Think SIP aware means a firewall that understands messaging and can pass it without issue once it has been configured.

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.
 
Most of my SIP/3300 installs have direct SIP Peer connection to carrier (Windstream/Paetec); The carrier providing and programming any routers & firewalls involved.
 
We have used SIP aware routers. The general issue is the SIP carrier will need a specific IP in the SIP header (more than likely the IP the SIP service authenticates with), however with some non SIP aware firewalls the internal IP of the handset / device making the call may be sent in the header and therefore the SIP carrier just drops the packets and the call fails.
As you say MBG gets around this, we have used some Cisco and Juniper firewalls to overcome, however this has been problematic.
We generally recommend the use of MBG however if the customer has a SIP aware firewall inplace and they are able to open the required ports and create the required NAT rules this is of course a cost saving as you dont need MBG, licences etc

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top