Chapter 25 ALG Screen

Figure 298 H.323 Calls from the WAN with Multiple Outgoing Calls

The H.323 ALG operates on TCP packets with a port 1720 destination.

The ZyWALL allows H.323 audio connections.

The ZyWALL can also apply bandwidth management to traffic that goes through the H.323 ALG.

25.5SIP

The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP is used in VoIP (Voice over IP), the sending of voice signals over the Internet Protocol.

SIP signaling is separate from the media for which it handles sessions. The media that is exchanged during the session can use a different path from that of the signaling. SIP handles telephone calls and can interface with traditional circuit-switched telephone networks.

25.5.1 STUN

STUN (Simple Traversal of User Datagram Protocol (UDP) through Network Address Translators) allows the VoIP device to find the presence and types of NAT routers and/or firewalls between it and the public Internet. STUN also allows the VoIP device to find the public IP address that NAT assigned, so the VoIP device can embed it in the SIP data stream. See RFC 3489 for details on STUN. You do not need to use STUN for devices behind the ZyWALL if you enable the SIP ALG.

25.5.2SIP ALG Details

SIP clients can be connected to the LAN, WLAN or DMZ. A SIP server must be on the WAN.

You can make and receive calls between the LAN and the WAN, between the WLAN and the WAN and/or between the DMZ and the WAN. You cannot make a call between the LAN and the LAN, between the LAN and the DMZ, between the LAN and the WLAN, between the DMZ and the DMZ, and so on.

The SIP ALG allows UDP packets with a port 5060 destination to pass through.

The ZyWALL allows SIP audio connections.

The following example shows SIP signaling (1) and audio (2) sessions between SIP clients A and B and the SIP server.

476

 

ZyWALL 2WG User’s Guide