Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Description:

This article will outline how to 

  • Configure the Juniper SRX series firewalls for Audian service. 

Methods:

 Disable SIP ALG

To disable SIP ALG, run these commands:
#edit
# set security alg sip disable
# commit

Running this command will show if this works:
#run show security alg status

You should see this:
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Disabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled

 Add Audian IP Addresses

To setup our IP's we need this config:

[edit security address-book]
+   EXT_AB {
+       address SIP_1 54.148.70.218/32;
+       address SIP_2 54.148.57.6/32;
+       address SIP_3 52.11.88.63/32;
+       address SIP_4 54.149.90.30/32;
+       attach {
+           zone untrust;
+       }
+   }
[edit security]
+   alg {
+       sip disable;
+   }
[edit security policies from-zone untrust to-zone trust]
+     policy Audian_SIP_Permit {
+         description Phones;
+         match {
+             source-address [ SIP_1 SIP_2 SIP_3 SIP_4 ];
+             destination-address any;
+             application [ Audian_SIP5060_5082 Audian_SIP11000 Audian_SIP_RTP16384_32768 ];
+         }
+         ## Warning: missing mandatory statement(s): 'then'
+     }
[edit]
+  applications {
+      application Audian_SIP5060_5082 {
+          protocol udp;
+          destination-port 5060-5082;
+      }
+      application Audian_SIP11000 {
+          protocol udp;
+          destination-port 11000;
+      }
+      application Audian_SIP_RTP16384_32768 {
+          protocol udp;
+          destination-port 16384-32768;
+      }
+  }
  • No labels