Solved

Juniper 5gt SIP configuration example

Posted on 2013-01-07
9
715 Views
Last Modified: 2013-01-15
My customer bought a 5gt and wants to use it solely for voip.  Does anybody have a configuration example of what this needs to look like?  I don't have web access to the firewall.  It is sitting on a desk with a console cable on it.
0
Comment
Question by:dhuff2012
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 7

Expert Comment

by:Phyo HTET AUNG
ID: 38753428
hope this might help.

Solution From Juniper Forum
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 38754796
The setup will depend on where the VOIP server sits. Is the server and phones going to be behind the firewall? Or is the server going to be outside the firewall and the phones inside?
0
 

Author Comment

by:dhuff2012
ID: 38756644
I'm not sure yet.  The customer is getting that info for me.  In the meanwhile I have put a config on the firewall to ship it to them.  I can continue configuration once it is in place.  Would you mind looking at the config and let me know if I'm missing anything?  I'm concerned about the default route as I'm used to Cisco cli and this is quite different.
voice-fw-config.docx
0
Defend Your Organization from The Greatest Threats

Looking to fill the gaps in your security? Bring together information from the network, endpoint and threat intelligence feeds to really see what's happening in your organization. Join the WatchGuardians in their adventures fighting cyber crime!

 
LVL 18

Expert Comment

by:Sanga Collins
ID: 38756801
Since this appears to be at least screenOS 6.x or newer the following statement in your config should be sufficient

set interface ethernet 0/0 gateway 63.x.x.x

But since you said you are sending the device to a client, just to be safe you can (from the webui) add the default route under Network > Routing > Destination, or from the command line using the following command

set route 0.0.0.0/0 interface ethernet0/0 gateway 63.x.x.x
save
0
 

Author Comment

by:dhuff2012
ID: 38756984
Thanks.  The phone server is outside of the customer network at a place called Next Level.  Does this help?
0
 
LVL 18

Expert Comment

by:Sanga Collins
ID: 38757055
Yes that is very important. With the VoIP server residing off site, what you want to do is:

A) disable sip ALG
B) enable 'source based NAT' in the advanced properties of the trust to untrust policy. You can get to properties for a policy by clicking on the edit link for the policy in question.

I will look up the correct CLI commands to enter and post them if you only have console access.
0
 

Author Comment

by:dhuff2012
ID: 38757095
That would be terrific.  Please provide the cli commands.  Thank you.
0
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 500 total points
ID: 38757539
unset alg sip enable
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" nat src permit log
save

The above commands will accomplish the required setting
0
 

Author Closing Comment

by:dhuff2012
ID: 38778961
Thanks.  The FW is going in today and I will try your suggestions.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Network Security Solution 7 74
Adding a 2nd Juniper SSG20 and setting up HA / NSRP 2 21
Rogue RDP Connections 5 104
Preventive Maintenance for Fortigate 100D HA Firewall 4 46
This subject  of securing wireless devices conjures up visions of your PC or mobile phone connecting to the Internet through some hotspot at Starbucks. But it is so much more than that. Let’s look at the facts: devices#sthash.eoFY7dic.
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question