Configuration steps - web‑based manager
To add firewall addresses for the SIP phones
1. Go to Firewall Objects > Address.
2. Add the following addresses for Phone A and Phone B:
Address Name | Phone_A |
Type | Subnet |
Subnet / IP Range | 10.31.101.20/255.255.255.255 |
Interface | Internal |
Address Name | Phone_B |
Type | Subnet |
Subnet / IP Range | 172.20.120.30/255.255.255.255 |
Interface | wan1 |
To add security policies to apply the SIP ALG to SIP sessions
1. Go to Policy > Policy > Policy.
2. Select Create New to add a security policy.
3. Add a security policy to allow Phone A to send SIP request messages to Phone B:
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | internal |
Source Address | Phone_A |
Outgoing Interface | wan1 |
Destination Address | Phone_B |
Schedule | always |
Service | SIP |
Action | ACCEPT |
4. Select Enable NAT and select Use Destination Interface Address.
5. Under UTM Security Profiles, select Use Standard UTM Profiles.
6. Turn on VoIP and select the default VoIP profile.
7. Select OK.
8. Add a security policy to allow Phone B to send SIP request messages to Phone A:
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | wan1 |
Source Address | Phone_B |
Outgoing Interface | internal |
Destination Address | Phone_A |
Schedule | always |
Service | SIP |
Action | ACCEPT |
9. Select Enable NAT and select Use Destination Interface Address.
10. Under UTM Security Profiles, select Use Standard UTM Profiles.
11. Turn on VoIP and select the default VoIP profile.
12. Select OK.