Configuration steps - web‑based manager
To add the SIP proxy server firewall virtual IP
1. Go to Firewall Objects > Virtual IP > Virtual IP.
2. Add the SIP proxy server virtual IP.
Name | SIP_Proxy_VIP |
External Interface | port1 |
Type | Static NAT |
External IP Address/Range | 172.20.120.50 |
Mapped IP Address/Range | 10.31.101.50 |
To add a firewall address for the SIP proxy server
1. Go to Firewall Objects > Address > Addresses.
2. Add the following for the SIP proxy server:
Address Name | SIP_Proxy_Server |
Type | Subnet |
Subnet / IP Range | 10.31.101.50/255.255.255.255 |
Interface | port2 |
To add the security policies
1. Go to Policy > Policy > Policy.
2. Add a destination NAT security policy that includes the SIP proxy server virtual IP that allows Phone B (and other SIP phones on the Internet) to send SIP request messages to the SIP proxy server.
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | port1 |
Source Address | all |
Outgoing Interface | port2 |
Destination Address | SIP_Proxy_VIP |
Schedule | always |
Service | SIP |
Action | ACCEPT |
3. Select Enable NAT and select Use Destination Interface Address.
4. Under UTM Security Profiles, select Use Standard UTM Profiles.
5. Turn on VoIP and select the default VoIP profile.
6. Select OK.
7. Add a source NAT security policy to allow the SIP proxy server to send SIP request messages to Phone B and the Internet:
Policy Type | Firewall |
Policy Subtype | Address |
Incoming Interface | port2 |
Source Address | SIP_Proxy_Server |
Outgoing Interface | port1 |
Destination Address | all |
Schedule | always |
Service | SIP |
Action | ACCEPT |
8. Select Enable NAT and select Use Destination Interface Address.
9. Under UTM Security Profiles, select Use Standard UTM Profiles.
10. Turn on VoIP and select the default VoIP profile.
11. Select OK.