asked on Juniper 5gt SIP configuration example
My customer bought a 5gt and wants to use it solely for voip. Does anybody have a configuration example of what this needs to look like? I don't have web access to the firewall. It is sitting on a desk with a console cable on it.
Hardware FirewallsNetwork Security
Last Comment
dhuff2012
The setup will depend on where the VOIP server sits. Is the server and phones going to be behind the firewall? Or is the server going to be outside the firewall and the phones inside?
ASKER
I'm not sure yet. The customer is getting that info for me. In the meanwhile I have put a config on the firewall to ship it to them. I can continue configuration once it is in place. Would you mind looking at the config and let me know if I'm missing anything? I'm concerned about the default route as I'm used to Cisco cli and this is quite different.
voice-fw-config.docx
voice-fw-config.docx
Your help has saved me hundreds of hours of internet surfing.
fblack61
Since this appears to be at least screenOS 6.x or newer the following statement in your config should be sufficient
set interface ethernet 0/0 gateway 63.x.x.x
But since you said you are sending the device to a client, just to be safe you can (from the webui) add the default route under Network > Routing > Destination, or from the command line using the following command
set route 0.0.0.0/0 interface ethernet0/0 gateway 63.x.x.x
save
set interface ethernet 0/0 gateway 63.x.x.x
But since you said you are sending the device to a client, just to be safe you can (from the webui) add the default route under Network > Routing > Destination, or from the command line using the following command
set route 0.0.0.0/0 interface ethernet0/0 gateway 63.x.x.x
save
ASKER
Thanks. The phone server is outside of the customer network at a place called Next Level. Does this help?
Yes that is very important. With the VoIP server residing off site, what you want to do is:
A) disable sip ALG
B) enable 'source based NAT' in the advanced properties of the trust to untrust policy. You can get to properties for a policy by clicking on the edit link for the policy in question.
I will look up the correct CLI commands to enter and post them if you only have console access.
A) disable sip ALG
B) enable 'source based NAT' in the advanced properties of the trust to untrust policy. You can get to properties for a policy by clicking on the edit link for the policy in question.
I will look up the correct CLI commands to enter and post them if you only have console access.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
That would be terrific. Please provide the cli commands. Thank you.
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a questionASKER
Thanks. The FW is going in today and I will try your suggestions.
Solution From Juniper Forum