Description:
For Juniper SRX series firewalls there are two steps to take. First, disable the SIP ALG. Then, because the Juniper won't automatically NAT properly, add our IPs to a trusted list.
...
Tip: This article will outline how to do the following:
- Configure a Juniper SRX series firewall for Audian service
Methods:
To disable SIP ALG, run these commands:
# edit
# set security alg sip disable
# commit
Running this command will show if this works:
# run show security alg status
You should see this:
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Disabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled
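The status check above can be scripted when several firewalls have to be verified. The following is an added example, not part of the original article: it reads saved `show security alg status` output on stdin and passes only when SIP is explicitly listed as Disabled. The function names are assumptions of this example, and the sample text is constructed from the expected output shown above.

```shell
#!/bin/sh
# Added example: verify the SIP ALG state in captured `show security alg status` output.

# Constructed sample, shortened from the expected output shown in the article.
SAMPLE_STATUS='ALG Status :
  DNS      : Enabled
  FTP      : Enabled
  SIP      : Disabled
  TFTP     : Enabled
  IKE-ESP  : Disabled'

# alg_state NAME: read status text on stdin and print the state recorded for NAME.
# Prints nothing and returns 1 when NAME is not listed.
alg_state() {
    awk -v want="$1" -F':' '
        {
            name = $1; state = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", name)    # trim padding and CR from device captures
            gsub(/^[ \t]+|[ \t\r]+$/, "", state)
            if (toupper(name) == toupper(want) && state != "") {
                print state; found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# sip_alg_disabled: return 0 only when SIP is explicitly listed as Disabled.
# Returns 1 when SIP is listed with any other state, and 2 when the SIP line is
# missing (truncated capture, wrong command), so a missing line never passes.
sip_alg_disabled() {
    state=$(alg_state SIP) || return 2
    [ "$state" = "Disabled" ]
}

# Run the check on the sample; in practice, pipe in output captured from the device.
if printf '%s\n' "$SAMPLE_STATUS" | sip_alg_disabled; then
    echo "SIP ALG is disabled"
else
    echo "SIP ALG check failed (exit $?)" >&2
fi
```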
Add Audian IP Addresses
To set up our IPs we need this config:
Note: Please contact Audian support for a list of our IP addresses to be whitelisted.
| xml | [edit security address-book]
+ EXT_AB {
+ address SIP_1 | 5414870218addressSIP_2 54.148.57.6/32;
addressSIP_3 52.11.88.63/32;
+ address SIP_4 54.149.90.30/32;
+ attach {
+ zone untrust;
+ }
+ }
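Review bot: address book EXT_AB defines only SIP_1 through SIP_4, while the source-address list in policy Audian_SIP_Permit names SIP_1 through SIP_14, so ten of the referenced entries are not created by this change. The SIP_1 and SIP_2 definitions are also run together on one line and the SIP_1 value is not readable as a prefix. Add an address line for every entry the policy lists (or group them in an address-set and reference that), using the addresses supplied by Audian support, and put each address statement on its own line.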
[edit security]
+ alg {
+ sip disable;
+ }
[edit security policies from-zone untrust to-zone trust]
+ policy Audian_SIP_Permit {
+ description Phones;
+ match {
+ source-address [ SIP_1 SIP_2 SIP_3 SIP_4 SIP_5 SIP_6 SIP_7 SIP_8 SIP_9 SIP_10 SIP_11 SIP_12 SIP_13 SIP_14 ];
+ destination-address any;
+ application [ Audian_SIP5060_5082 Audian_SIP11000 Audian_SIP_RTP16384_32768 ];
+ }
+ ## Warning: missing mandatory statement(s): 'then'
+ }
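Review bot: policy Audian_SIP_Permit has a match block but no action, which is what the "## Warning: missing mandatory statement(s): 'then'" line is reporting. Add a then clause with the intended action (the policy name suggests permit) before committing. Also, "destination-address any" exposes every host in the trust zone to the listed sources on these ports; if the phones sit in a known range, match on address entries for that range instead.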
[edit]
+ applications {
+ application Audian_SIP5060_5082 {
+ protocol udp;
+ destination-port 5060-5082;
+ }
+ application Audian_SIP11000 {
+ protocol udp;
+ destination-port 11000;
+ }
+ application Audian_SIP_RTP16384_32768 {
+ protocol udp;
+ destination-port 16384-32768;
+ }
+ } |