Snom 4S - page 32

32 • Conﬁ guration

[ S N O M 4S NAT FI L T E R ]

For http and https, you need to know the port numbers when you

want to log in. We recommend not using the standard ports. Operating a

server on the public internet usually leads to a lot of denial of service at-

tacks on the standard ports.

For sip, you must decide if you want to run the server on a stand-

ard port or a random port.

Standard Port Random Port

• User Agents that don’t

support DNS SRV can

automatically ﬁnd the server

• SIP-aware ﬁrewalls

automatically take care

about user agents behind

NAT

• Buggy SIP-aware ﬁrewalls

don’t introduce new

problems by modifying SIP

packets

• Less dangerous for DoS

attacks

• Several SIP services can be

run on the same host

The decision depends on the situation. If you plan to use a good

SIP ﬁrewall, you should choose the standard port. Otherwise we would

tend to recommend a random port. Non NAT-aware user agents usually

must be conﬁgured manually anyway; in this case you can also provide a

port number.

The port for secure sip (sips) is usually 5061. The decision which

port to use is similar to the decision for the SIP port. We recommend using

a random port and publising the port number using DNS SRV.

In some situations when you have several IP addresses you want

to limit the bindings to a speciﬁc IP address. You can do this by selecting

the appropriate address from the pull down menu. If you choose „Default

Address“, the server will bind to all available addresses. If you select

„Public Address“, the server will select a public address; if you select „Pri-

vate Address“, the server will select a private address.

4.

Contents

Main snom 4S NAT Filter Version 2.11 Table of Contents 1 Overview ..........................................................5 2 Architecture .....................................................9 3 Installation .....................................................23 4 Conguration ..................................................31 5. Web Server Integration ..................................51 6. SNMP ..............................................................61 7 Checklist for Installation ................................65 1 Overview 1.1 Applications 1.2 Features Page Page 2 Architecture 2.1 The NAT Filter and SIP 2.2 NAT 2.2.1 How does NAT work? 2.2.2 Symmetrical RTP 2.2.3 Signalling SIP 2.2.4 Media RTP 2.2.5 Classication of User Agents 2.2.6 Probing Media Paths 2.2.7 The Role of the NAT Filter 2.2.8 Optimizing the Media Path for Symmetrical NAT 2.3 SBC Behaviour 2.3.1 Registering 2.3.3 RTP Relay Page 2.4 Scaling and Redundancy 2.5 Detecting the right NAT Filter 2.6 Requirements on User Agents 2.6.1 Non NAT-Aware User Agents 2.6.2 STUN/ICE-Aware User Agents 2.7 Dening the Maximum Session Time Page 3 Installation 3.1 Windows Page Page Page Page 3.2 Linux Page Page 4 Conguration Page Page 4.3.2 Preparing Recovery 4.3.3 General Outound Proxy 4.3.4 Media Ports 4.3.5 Port Budgets 4.3.6 Media Relay 4.3.7 Controlling Routing 4.3.8 Multiple 2xx Handling 4.3.9 Challenging 4.3.10 Trusted Addresses 4.3.11 Maximum Packet Size 4.3.12 Silence Suppression 4.3.13 Connection Oriented Media 4.3.14 Removing Headers 4.3.15 Codec Control 4.3.16 Web Server Integration 4.3.17 CLIR Addresses 4.4 Timeout Settings 4.4.1 Register Timeouts 4.4.2 Call Timeouts 4.5 Security Settings Page 4.6 Outbound Proxy List 4.7 System Information 4.8 Server Log 4.9 Trace 4.10 Call History 4.11 Current Ports 4.12 Currently Handled UA 4.13 Memory Statistics Page 5. Web Server Integration 5.1 Interface to the Web Server 5.2 Authentication Page Page 5.3 Registration 5.4 Call Initiation Page 5.5 Call Termination Page Page 6. SNMP 6.1 Setup of the SBC 6.2 Setup of the Tools 6.3. Available OID Page Page 7 Checklist for Installation 7. 6.1 Linux 6.2 Windows 7. Readers Feedback