Welcome to the Sophos User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Reply
 
LinkBack Thread Tools Display Modes
Junior Member
Join Date: Jan 2013
Posts: 3
#1 (permalink)  
Old 01-09-2013, 07:25 AM
Default SIP Proxy Functionality?

I am currently using the free software version of UTM 9.

I was wondering if the product is capable (through licensing options) to provide SIP proxy functionality? Essentially what I have is a SIP server behind a NAT that needs to communicate externally. I need the SIP conversations to include my public IP, not the server's internal IP.

If this can be done through the "VOIP" section under "Network Protection", what do I need to purchase to enable that option?
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,645
#2 (permalink)  
Old 01-09-2013, 01:21 PM
Default

Hi, jpalarchio, and welcome to the User BB!

The VoIP Proxy is included in the Network Protection subscription. It sounds like it's time to talk with a reseller about pricing and how a UTM could fit in your business.

Having said that, you can use NAT to accomplish your goal. The standard 'Internal (Network) -> External' masq rule will send packets with the public IP instead of the internal IP of the server. A NAT rule like 'DNAT : {VoIP Provider} -> VoIP Protocols -> External (Address) : to {server}' would let your provider route calls to your server.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Junior Member
Join Date: Jan 2013
Posts: 3
#3 (permalink)  
Old 01-09-2013, 02:03 PM
Default

Quote:
Originally Posted by BAlfson View Post
Hi, jpalarchio, and welcome to the User BB!

The VoIP Proxy is included in the Network Protection subscription. It sounds like it's time to talk with a reseller about pricing and how a UTM could fit in your business.

Having said that, you can use NAT to accomplish your goal. The standard 'Internal (Network) -> External' masq rule will send packets with the public IP instead of the internal IP of the server. A NAT rule like 'DNAT : {VoIP Provider} -> VoIP Protocols -> External (Address) : to {server}' would let your provider route calls to your server.

Cheers - Bob
Thanks for the feedback. This is actually all for just my home lab environment that I use for training so budget is always of concern. I know it can't all be free but I also need to find the most cost effective solution for my minimal usage.

I'm doing a DNAT and SNAT today which gets the signaling packets to the SIP provider but when I trace the packets, the SIP headers within the packets still show my internal IP which results in one-way audio. My understanding is that I need SIP proxy functionality that will essentially modify those headers with the external IP.

Is the VoIP proxy capable of providing this functionality?
Reply With Quote
BAlfson's Avatar
Grandis Professorem Astaro
Join Date: Mar 2007
Location: Oklahoma City
Posts: 20,645
#4 (permalink)  
Old 01-09-2013, 04:28 PM
Default

If you're doing this at home, and not for commercial use, the Essentials license is not what you want.

You can get a free home-use license on My.Astaro.com. Just obtain that, and upload the new license on your current install. The only missing functionality is clustering, a limit to 50 IPs and the ability to customize messages and popups where "Home License" can't be removed. Other than that, you have the ability to work with all of the items.

Many of my techy clients have set up a UTM at home to keep their kids off p0rn sites and limit gaming time to after homework is done.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
SCA/UTM - Sophos Gold Solution Partner
www.MediaSoftUSA.com
Addicted to my iPhone!
Reply With Quote
Junior Member
Join Date: Jan 2013
Posts: 3
#5 (permalink)  
Old 01-10-2013, 02:21 AM
Default

I switched over my license to the home version for now and the VoIP feature did in fact fix my SIP issue.

The reason I avoided the home version before was the 50 IPs is something I could see getting close to. When you consider every DVR, DVD, TV and phone in the house has an IP, not to mention everything else, they start to add up.

How do I go about finding pricing on the VoIP feature should I decide to use the non-home version?
Reply With Quote
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 12,060
#6 (permalink)  
Old 01-11-2013, 08:50 PM
Default

Hi, You'd need a "Network Security" License to include the VOIP security features.
For over 50 IPs, you'd need the 100IP license. The pricing is probably high for home use.
You can get a quote from a reseller; Locate a Partner

BTW, Astaro sometimes gives away 100-IP home user licenses during their Beta programs to active testers; the next Beta (9.1) is due to start soon.

Barry
__________________
http://BlogSec.net
http://JobOyster.com
http://DealBert.net
IT Consultant specializing in high-performance Web Infrastructure and Security.
Astaro End-user since v1.x
  • ASL 9.2x, HP DL360G5 - FW, IPS, VPNs
  • ASL 9.2x, 2 Dell 1950's as WAF/proxy w HA
  • UTM 9.1x, Atom n270, 2GB RAM, 2 Intel GigE
    Netgear GS108T gigE switch & Astaro AP30 Access Point with 4 VLANs.
    60/60mbit FiOS internet.
  • Pending - UTM 9.2x, i5-4670, 4GB RAM, 2 Intel GigE
    Needs new NIC drivers before deploying
Reply With Quote
Reply

Tags
sip, sip proxy

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 09:47 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2015, Jelsoft Enterprises Ltd.

These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.