We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

SIP Proxy

  • Last updated on

SIP is mainly used for VOIP telephony but is also used for multimedia communication including video and instant messaging. SIP clients and servers use TCP or UDP port 5060 to connect with each other for signaling, as well as setting up, modifying, and tearing down connections. If SIP packets must traverse a NAT, they are only partially rewritten, creating problems with headers containing local IP addresses that are unreachable from the Internet. The audio and video of a call is carried over an RTP session that starts on a dynamically assigned port. If the RTP session is blocked because the firewall only forwards or allows specific ports, the audio and video for the call is not transmitted properly.

The following example shows how the SIP Proxy service on the Barracuda firewall helps establish a VOIP call with an external SIP provider.

fw_sip_provider.png

Configuring the SIP Proxy

The SIP Proxy poses as a client to the destination server and as a server to the local client. It intercepts and redirects the traffic between the VOIP client and the server. It also dynamically opens the ports that are required by the call. A SIP proxy is always required if the RTP ports are blocked by the firewall or NAT is used. If the ports required for the RTP connection are open, a SIP proxy is only needed if the SIP provider does not detect NAT'd clients correctly.

For instructions on how to configure the SIP proxy, see How to Configure the SIP Proxy.

Encrypting SIP with TLS

Increase the security of SIP connections by configuring TLS with the SIP Proxy. TLS secures the last hop from the proxy to the target domain of the user agent. It only encrypts one hop at a time. TLS does not encrypt voice or video traffic, which is handled by the RTP session. To encrypt voice or video traffic, you must use SRTP.

For more information, see How to Configure the SIP Proxy.

Last updated on