Configuring Voice over IP Settings
To configure Voice over IP (VoIP) settings, complete the following steps:
1
2. Expand the Firewall tree and click VoIP. The VoIP page displays.
3
4. Select Enable SIP Transformations to support translation of Session Initiation Protocol (SIP) messages.
After enabling SIP transformations, configure the following options:
   a. Select Permit non-SIP packets on signaling port to enable applications such as Apple iChat and MSN Messenger, which use the SIP signaling port for additional proprietary messages. Enabling this check box might open your network to malicious attacks caused by malformed or invalid SIP traffic. This check box is disabled by default.
   b. (SonicOS Enhanced only) Select Enable SIP Back-to-Back User Agent (B2BUA) support when the SonicWALL security appliance can see both legs of a voice call (for example, when a phone on the LAN calls another phone on the LAN). This setting should only be enabled when the SIP Proxy Server is being used as a B2BUA.
SIP Signaling inactivity time out (seconds)—Specifies the period of time that must elapse before timing out an inactive SIP session if no SIP signaling occurs (default: 1800 seconds or 30 minutes).
SIP Media inactivity time out (seconds)—Specifies the period of time that must elapse before timing out an inactive SIP session if no media transfer activity occurs (default: 120 seconds or two minutes).
The Additional SIP signaling port (UDP) for transformations setting allows you to specify a nonstandard UDP port used to carry SIP signaling traffic. Normally, SIP signaling traffic is carried on UDP port 5060. However, a number of commercial VoIP services use different ports, such as 1560. Using this setting, the security appliance executes SIP transformation on these nonstandard ports.
5. Select Enable H.323 Transformations to allow stateful H.323 protocol-aware packet content inspection and modification by the SonicWALL. The SonicWALL executes any dynamic IP address and transport port mapping within the H.323 packets, which is necessary for communication between H.323 parties in trusted and untrusted networks/zones. Clear this check box to bypass the H.323 specific processing done by SonicWALL.

After enabling H.323 transformations, configure the following options:
Only accept incoming calls from Gatekeeper—when selected, only incoming calls from the specified Gatekeeper IP address are accepted.
Enable LDAP ILS Support—when selected, the SonicWALL appliance supports Lightweight Directory Access Protocol (LDAP) and Microsoft NetMeeting’s Internet Locator Service (ILS).
H.323 Signaling/Media inactivity time out (seconds)—specifies how long the SonicWALL appliance waits before closing a connection when no activity is occurring.
Default WAN/DMZ Gatekeeper IP Address—specifies the IP address of the H.323 Gatekeeper that acts as a proxy server between clients on the private network and the Internet.
6. When you are finished, click Update. The settings are changed for each selected SonicWALL appliance. To clear all screen settings and start over, click Reset.
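To make the distinction behind the Permit non-SIP packets on signaling port option in step 4a concrete, the following added example (not SonicWALL code and not the appliance's actual inspection logic) sorts UDP payloads seen on a signaling port into well-formed SIP, malformed SIP, and non-SIP. It assumes a simplified reading of RFC 3261 (start line plus mandatory headers only); the function name, labels, and sample payloads are constructed for illustration.

```python
import re

# Methods from RFC 3261 and its common extensions.
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER", "PRACK",
               "SUBSCRIBE", "NOTIFY", "PUBLISH", "INFO", "REFER", "MESSAGE", "UPDATE"}
# Headers every SIP message must carry; requests also need Max-Forwards.
REQUIRED = {"via", "from", "to", "call-id", "cseq"}
COMPACT = {"v": "via", "f": "from", "t": "to", "i": "call-id"}  # compact forms
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 [1-6]\d\d .*$")


def classify(payload: bytes) -> str:
    """Return 'sip', 'malformed-sip' or 'non-sip' for one UDP payload."""
    try:
        text = payload.decode("utf-8")
    except UnicodeDecodeError:
        return "non-sip"
    lines = text.split("\r\n\r\n", 1)[0].split("\r\n")
    request = REQUEST_LINE.match(lines[0])
    if not request and not STATUS_LINE.match(lines[0]):
        return "non-sip"                      # no SIP start line at all
    if request and request.group(1) not in SIP_METHODS:
        return "malformed-sip"                # strict policy: unknown method
    seen = set()
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):           # folded continuation line
            continue
        name, sep, _ = line.partition(":")
        if not sep or not name.strip():
            return "malformed-sip"            # header line without "name:"
        key = name.strip().lower()
        seen.add(COMPACT.get(key, key))
    needed = REQUIRED | ({"max-forwards"} if request else set())
    return "sip" if needed <= seen else "malformed-sip"


# Constructed sample payloads (documentation addresses, not captured traffic).
GOOD = (b"OPTIONS sip:bob@example.com SIP/2.0\r\n"
        b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKsample\r\n"
        b"Max-Forwards: 70\r\nFrom: <sip:alice@example.com>;tag=1\r\n"
        b"To: <sip:bob@example.com>\r\nCall-ID: sample-1@192.0.2.10\r\n"
        b"CSeq: 1 OPTIONS\r\nContent-Length: 0\r\n\r\n")
NO_CALL_ID = GOOD.replace(b"Call-ID: sample-1@192.0.2.10\r\n", b"")
PROPRIETARY = b"\x02\x00\x10vendor-keepalive"

if __name__ == "__main__":
    for label, pkt in (("good", GOOD), ("no Call-ID", NO_CALL_ID), ("proprietary", PROPRIETARY)):
        print(f"{label}: {classify(pkt)}")
```

With the check box cleared (the default), payloads in the last category are the ones that would not be passed on the signaling port; selecting it lets them through, which is why the option should be enabled only when an application in use needs it.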