Juniper SRX Series Firewalls

Description:

This article will outline how to do the following:

  • Configure a Juniper SRX Series firewall for Audian service

Methods:

 Disable SIP ALG

To disable SIP ALG, run these commands:
# edit
# set security alg sip disable
# commit

To confirm that the change took effect, run:
# run show security alg status

You should see output like this, with SIP shown as Disabled:
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Disabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled
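
One way to automate this check against saved CLI output, as an added example that is not part of the original article; the function names and the sample text are constructed for illustration:

```python
import re

# Constructed sample: "show security alg status" output, abbreviated from the listing above.
SAMPLE = """\
ALG Status :
DNS : Enabled
H323 : Enabled
SIP : Disabled
IKE-ESP : Disabled
"""

# One "NAME : Enabled|Disabled" pair per line; tolerant of padding and letter case.
LINE_RE = re.compile(r"^\s*([A-Za-z0-9-]+)\s*:\s*(Enabled|Disabled)\s*$", re.IGNORECASE)


def parse_alg_status(text):
    """Return {ALG name: True if enabled} parsed from the status output."""
    status = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # the "ALG Status :" header, prompts and blank lines do not match
            status[m.group(1).upper()] = m.group(2).lower() == "enabled"
    return status


def check_voip_algs(text, must_be_disabled=("SIP",)):
    """Return a list of problems; an empty list means the check passed."""
    status = parse_alg_status(text)
    problems = []
    for alg in must_be_disabled:
        if alg not in status:
            # Absence is not proof: the capture may be truncated or from another command.
            problems.append(f"{alg}: not found in output")
        elif status[alg]:
            problems.append(f"{alg}: still enabled")
    return problems


if __name__ == "__main__":
    for message in check_voip_algs(SAMPLE) or ["OK: SIP ALG is disabled"]:
        print(message)
```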

 Add Audian IP Addresses

To set up our IPs, we need the config below. Please contact Audian support for a list of our IP addresses to be whitelisted.

[edit security address-book]
+   EXT_AB {
+       address SIP_1 55.555.55.555/32;
+       
+       attach {
+           zone untrust;
+       }
+   }
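
Review bot: EXT_AB defines only SIP_1, while the Audian_SIP_Permit policy matches on SIP_1 through SIP_14, so the other thirteen address entries need to be defined here before the policy's source-address list can resolve. The value 55.555.55.555/32 is also not a valid IPv4 address (an octet cannot exceed 255); replace it with the real addresses supplied by Audian support. The empty + line after SIP_1 looks like the place where the remaining entries were dropped.
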
[edit security]
+   alg {
+       sip disable;
+   }
[edit security policies from-zone untrust to-zone trust]
+     policy Audian_SIP_Permit {
+         description Phones;
+         match {
+             source-address [ SIP_1 SIP_2 SIP_3 SIP_4 SIP_5 SIP_6 SIP_7 SIP_8 SIP_9 SIP_10 SIP_11 SIP_12 SIP_13 SIP_14 ];
+             destination-address any;
+             application [ Audian_SIP5060_5082 Audian_SIP11000 Audian_SIP_RTP16384_32768 ];
+         }
+         ## Warning: missing mandatory statement(s): 'then'
+     }
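
Review bot: The Audian_SIP_Permit policy has no then clause, as the inline warning "missing mandatory statement(s): 'then'" says, so the configuration is incomplete as shown; add the action the policy name implies (then permit) before committing. Also consider replacing destination-address any with an address entry for the phone subnet, since this policy admits untrust-to-trust traffic.
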
[edit]
+  applications {
+      application Audian_SIP5060_5082 {
+          protocol udp;
+          destination-port 5060-5082;
+      }
+      application Audian_SIP11000 {
+          protocol udp;
+          destination-port 11000;
+      }
+      application Audian_SIP_RTP16384_32768 {
+          protocol udp;
+          destination-port 16384-32768;
+      }
+  }
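
Review bot: Audian_SIP_RTP16384_32768 opens UDP 16384-32768 and Audian_SIP5060_5082 opens UDP 5060-5082. Ranges this wide are only reasonable because the policy pins source-address to the Audian entries, so keep these applications out of any policy with a broader source. Port 11000 in Audian_SIP11000 is not explained anywhere in the article; a short note on what it is used for would help whoever audits this rule later.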