Configuration steps - CLI
To add firewall addresses for Phone A and Phone B and security policies to accept SIP sessions
1. Enter the following command to add firewall addresses for Phone A and Phone B.
config firewall address
edit Phone_A
set associated interface port1
set type ipmask
set subnet 10.31.101.20 255.255.255.255
next
edit Phone_B
set associated interface port2
set type ipmask
set subnet 10.31.101.30 255.255.255.255
end
2. Enter the following command to add security policies to allow Phone A to send SIP request messages to Phone B and Phone B to send SIP request messages to Phone A.
config firewall policy
edit 0
set srcintf port1
set dstintf port2
set srcaddr Phone_A
set dstaddr Phone_B
set action accept
set schedule always
set service SIP
next
edit 0
set srcintf port2
set dstintf port1
set srcaddr Phone_B
set dstaddr Phone_A
set action accept
set schedule always
set service SIP
set utm-status enable
end