Chapter 14. Firewall and Client Configuration
NAT between the Telecommuting Module and the Internet must not be used.
NAT between the Telecommuting Module and the internal networks must not be used.

The SIP clients

SIP clients will use the Telecommuting Module as their outgoing SIP proxy and as their registrar (if they can’t be
configured with the domain only). If you don’t want to use the Telecommuting Module as the registrar, you should
point the clients to the SIP registrar you want to use.
Other
The DNS server used must have a record for the SIP domain, which states that the Telecommuting Module handles
the domain, or many SIP clients won’t be able to use it (if you don’t use plain IP addresses as domains).
The DMZ/LAN type
Using the DMZ/LAN type, the network configuration should look like this:

The Firewall

The firewall to which the Telecommuting Module is connected should have the following configuration:
SIP over UDP
Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (port 5060). You
must allow traffic in both directions.
Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval
for media streams which was set on the Basic page). You must allow traffic in both directions.
Let through UDP traffic between the Telecommuting Module (all high ports) and the Internet (port 53). You must
allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on
the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to
do this step.
NAT between the Telecommuting Module and the Internet must not be used.
SIP over TCP/TLS
Let through TCP traffic between the Internet (all high ports) and the Telecommuting Module (ports 1024-32767).
You must allow traffic in both directions.
Let through UDP traffic between the Internet (all high ports) and the Telecommuting Module (the port interval
for media streams which was set on the Basic page). You must allow traffic in both directions.
Let through UDP traffic between the Telecommuting Module (all high ports) and the Internet (port 53). You must
allow traffic in both directions. This enables the Telecommuting Module to make DNS queries to DNS servers on
the Internet. If the DNS server is located on the same network as the Telecommuting Module, you don’t have to
do this step.
NAT between the Telecommuting Module and the Internet must not be used.
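
The two rule sets above written out as iptables commands for a Linux firewall. This is an added example, not part of the original manual. It assumes that "all high ports" means 1024-65535, that the firewall forwards routed traffic, and that the Telecommuting Module address (192.0.2.10) and media port interval (58024-60999) are constructed sample values to be replaced with your own.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules for the firewall in front of the
# Telecommuting Module. No NAT rules are generated, because NAT must not be used.
HIGH=1024:65535   # assumption: "all high ports" means 1024-65535

# pair PROTO TM_IP TM_PORTS
# One ACCEPT rule per direction: Internet high ports <-> TM_PORTS on the module.
pair() {
    echo "iptables -A FORWARD -p $1 -d $2 --sport $HIGH --dport $3 -j ACCEPT"
    echo "iptables -A FORWARD -p $1 -s $2 --sport $3 --dport $HIGH -j ACCEPT"
}

# tm_rules MODE TM_IP MEDIA_LOW MEDIA_HIGH [local-dns]
#   MODE       udp (SIP over UDP) or tcp (SIP over TCP/TLS)
#   MEDIA_*    the media stream port interval set on the Basic page
#   local-dns  pass this when the DNS server is on the module's own network
tm_rules() {
    mode=$1; tm=$2; lo=$3; hi=$4; dns=${5:-internet}
    case "$lo" in ''|*[!0-9]*) echo "media ports must be numeric" >&2; return 1 ;; esac
    case "$hi" in ''|*[!0-9]*) echo "media ports must be numeric" >&2; return 1 ;; esac
    if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 65535 ]; then
        echo "bad media port interval" >&2; return 1
    fi
    case "$mode" in
        udp) pair udp "$tm" 5060 ;;          # SIP signalling over UDP
        tcp) pair tcp "$tm" 1024:32767 ;;    # SIP signalling over TCP/TLS
        *)   echo "mode must be udp or tcp" >&2; return 1 ;;
    esac
    pair udp "$tm" "$lo:$hi"                 # media streams, UDP in both modes
    if [ "$dns" != local-dns ]; then
        # DNS queries from the module to servers on the Internet, and replies.
        echo "iptables -A FORWARD -p udp -s $tm --sport $HIGH --dport 53 -j ACCEPT"
        echo "iptables -A FORWARD -p udp -d $tm --sport 53 --dport $HIGH -j ACCEPT"
    fi
}

# Constructed sample invocation: SIP over UDP, DNS servers on the Internet.
tm_rules udp 192.0.2.10 58024 60999
```

Review the printed commands before loading them; for SIP over TCP/TLS with a DNS server on the module's own network, call `tm_rules tcp 192.0.2.10 58024 60999 local-dns`.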