Configuration steps - CLI
To add a VoIP profile that enables hosted NAT traversal
1. Enter the following command to add a VoIP profile named HNT that enables hosted NAT traversal. The command clones the default VoIP profile and then enables hosted NAT traversal in the clone.
config voip profile
    clone default to HNT
    edit HNT
        config sip
            set hosted-nat-traversal enable
        end
end
To add the SIP proxy server firewall virtual IP and firewall address
1. Enter the following command to add the SIP proxy server firewall virtual IP.
config firewall vip
    edit SIP_Proxy_VIP
        set type static-nat
        set extip 10.21.101.10
        set mappedip 10.30.120.20
        set extintf port1
end
2. Enter the following command to add the SIP proxy server firewall address.
config firewall address
    edit SIP_Proxy_Server
        set associated-interface port2
        set type ipmask
        set subnet 10.30.120.20 255.255.255.255
end
To add security policies
1. Enter the following command to add a destination NAT security policy that includes the SIP proxy server virtual IP and allows Phone A to send SIP request messages to the SIP proxy server.
config firewall policy
    edit 0
        set srcintf port1
        set dstintf port2
        set srcaddr all
        set dstaddr SIP_Proxy_VIP
        set action accept
        set schedule always
        set service SIP
        set nat enable
        set utm-status enable
        set profile-protocol-options default
        set voip-profile HNT
end
2. Enter the following command to add a source NAT security policy to allow the SIP proxy server to send SIP request messages to Phone B:
config firewall policy
    edit 0
        set srcintf port2
        set dstintf port1
        set srcaddr SIP_Proxy_Server
        set dstaddr all
        set action accept
        set schedule always
        set service SIP
        set nat enable
        set utm-status enable
        set profile-protocol-options default
        set voip-profile default
end
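
The following Python check is an added example, not Fortinet's code: it parses a saved copy of the CLI commands above and reports any SIP policy to the virtual IP whose VoIP profile does not have hosted-nat-traversal enabled. The function names and the trimmed sample configuration are assumptions made for the illustration.

```python
import shlex

# Constructed sample: the page's commands, trimmed to the settings the check reads.
PAGE_CONFIG = """
config voip profile
edit HNT
config sip
set hosted-nat-traversal enable
end
end
config firewall vip
edit SIP_Proxy_VIP
end
config firewall policy
edit 0
set dstaddr SIP_Proxy_VIP
set service SIP
set voip-profile HNT
end
"""

def parse_fortios(text):
    """Parse config/edit/set/next/end text into {table: [entry, ...]}.
    A 'config' inside an entry (e.g. 'config sip') becomes a nested dict."""
    tables, stack = {}, []  # stack of (kind, currently open container)
    for line in text.splitlines():
        cmd, *args = shlex.split(line) or [""]
        if cmd == "config" and stack and stack[-1][0] == "edit":
            stack.append(("sub", stack[-1][1].setdefault(" ".join(args), {})))
        elif cmd == "config":
            stack.append(("table", tables.setdefault(" ".join(args), [])))
        elif cmd == "edit":
            stack.append(("edit", {"_id": args[0]}))
            stack[-2][1].append(stack[-1][1])
        elif cmd == "set":
            stack[-1][1][args[0]] = " ".join(args[1:])
        elif cmd in ("next", "end"):  # 'end' also closes an entry still open
            while stack.pop()[0] == "edit" and cmd == "end":
                pass
    return tables

def vip_policies_missing_hnt(tables):
    """Positions (1-based) of SIP policies to a VIP whose VoIP profile lacks HNT."""
    hnt = {p["_id"] for p in tables.get("voip profile", [])
           if p.get("sip", {}).get("hosted-nat-traversal") == "enable"}
    vips = {v["_id"] for v in tables.get("firewall vip", [])}
    return [n for n, pol in enumerate(tables.get("firewall policy", []), 1)
            if pol.get("service") == "SIP" and pol.get("dstaddr") in vips
            and pol.get("voip-profile") not in hnt]
```

Calling `vip_policies_missing_hnt(parse_fortios(PAGE_CONFIG))` returns an empty list for the configuration shown on this page; a non-empty list names the policies to review.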