The SIP ALG requires the following information to create a pinhole. The SIP ALG finds some of this information in SIP messages and provides the rest itself:

- Protocol: UDP (Extracted from SIP messages by the SIP ALG.)
- Destination IP: The SIP ALG extracts the destination IP address from the c= line in the SDP profile. The c= line can appear in either the session or media part of the SDP profile. The SIP ALG uses the IP address in the c= line of the media part of the SDP profile first. If the media part does not contain a c= line, the SIP ALG checks the c= line in the session part of the SDP profile. If the session part of the profile doesn't contain a c= line, the packet is dropped. Pinholes for RTP and RTCP sessions share the same destination IP address.
- Destination port: The SIP ALG extracts the destination port number for RTP from the m= field and adds 1 to this number to get the RTCP port number.
- Lifetime: The length of time during which the pinhole will be open. When the lifetime ends, the SIP ALG removes the pinhole.

The SIP ALG keeps RTP pinholes open as long as the SIP session is alive. When the associated SIP session is terminated by the SIP ALG or the SIP phones or servers participating in the call, the RTP pinhole is closed.

The figure below shows a simplified call setup sequence that shows how the SIP ALG opens pinholes. Phone A and Phone B are installed on either side of a FortiGate unit operating in Transparent mode. Phone A and Phone B are on the same subnet. The FortiGate unit includes a security policy that accepts SIP sessions from port1 to port2 and from port2 to port1. The FortiGate unit does not require an RTP security policy, just the SIP policy.

You can see from this diagram that the SDP profile in the INVITE request from Phone A indicates that Phone A is expecting to receive a media stream sent to its IP address using port 4000 for RTP and port 4001 for RTCP. The SIP ALG creates pinhole 1 to allow this media traffic to pass through the FortiGate unit. Pinhole 1 is opened on the port2 interface and will accept media traffic sent from Phone B to Phone A.
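The pinhole derivation described above (c= line precedence, RTP port from m=, RTCP as RTP port + 1, drop when no c= line exists), as an added Python example that is not FortiOS code or part of the original page. The names `Pinhole`, `DropPacket`, `pinholes_from_sdp` and the sample SDP with address 192.0.2.10 are constructed for illustration; only ports 4000 and 4001 come from the text.

```python
# Added illustration (not FortiOS code): derive RTP/RTCP pinholes from an SDP
# body with the rules described above. All names and sample data are constructed.
from typing import List, NamedTuple, Optional


class Pinhole(NamedTuple):
    protocol: str  # UDP for RTP and RTCP
    dst_ip: str    # from the c= line (media part first, then session part)
    dst_port: int  # RTP port from the m= line; RTCP is RTP port + 1
    use: str       # "RTP" or "RTCP"


class DropPacket(Exception):
    """Raised when neither the media part nor the session part has a c= line."""


def pinholes_from_sdp(sdp: str) -> List[Pinhole]:
    session_ip: Optional[str] = None
    media = []  # one [rtp_port, media-level c= address or None] per m= line
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            # m=<media> <port>[/<count>] <proto> <fmt> ...
            media.append([int(line[2:].split()[1].split("/")[0]), None])
        elif line.startswith("c="):
            # c=<nettype> <addrtype> <address>[/<ttl>]
            addr = line[2:].split()[2].split("/")[0]
            if media:
                media[-1][1] = addr  # c= inside the current media part
            else:
                session_ip = addr    # c= in the session part
    holes = []
    for rtp_port, media_ip in media:
        dst = media_ip or session_ip  # media-part c= wins over session-part c=
        if dst is None:
            raise DropPacket("no c= line in media or session part")
        # RTP and RTCP pinholes share the destination IP address.
        holes.append(Pinhole("UDP", dst, rtp_port, "RTP"))
        holes.append(Pinhole("UDP", dst, rtp_port + 1, "RTCP"))
    return holes


# Constructed offer modelled on Phone A's INVITE: RTP on 4000, RTCP on 4001.
SAMPLE_SDP = (
    "v=0\r\no=phoneA 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 4000 RTP/AVP 0\r\n"
)

if __name__ == "__main__":
    for hole in pinholes_from_sdp(SAMPLE_SDP):
        print(hole)
```

Because the pinhole destination is read from the SDP body and no separate RTP policy is required, the SIP policy that admits the signalling is what bounds which media pinholes can be opened.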