Introduction to SIP

SIP is a call-setup protocol that works at the application layer. SIP sets up calls that use RTP to send voice data between phones. When you set up the Rule Base for SIP, make sure the VoIP rule is at the top of the Security Policy.

Steps 1 through 5 - SIP Configuration

Before you start the configuration, make sure that the VoIP phones in the external networks are behind a NAT device that is VoIP-aware, or not behind a NAT device.

To configure VoIP for SIP:

  1. Log in to SmartConsole and define a Security Gateway.
  2. Define the SIP server (SIP proxy or registrar) to create a host object.
    1. From the Object Explorer, click More object types > Network Object > More > VoIP Domain > New SIP Proxy.

      The New SIP Proxy window shows.

    2. Enter an Object Name.

      Example: sip_server_host

  3. Define the VoIP endpoints.
    1. In the New SIP Proxy window, enter the Related endpoints domain.
    2. Enter VoIP installed at.

      Optional: Add Tag.

    3. Click OK.

      Example: A group of internal networks might be named: internal_net

  4. Define the VoIP security Rule Base.

    Configure a simple security Rule Base that allows traffic between endpoints on the internal network, and the SIP server in the external network.

    1. From SmartConsole, click the Security Policies tab.
    2. Click the add rule icon at the top of the screen.
    3. Install the Security Policy.
    4. Test the configuration.
  5. Make sure to select Keep all connections. Otherwise, the firewall drops your connection every time you Install Policy.
    1. Double-click your gateway.

      The Check Point Security Gateway window shows.

    2. Go to General Properties > Other > Connection Persistence, select Keep all connections, and click OK.

      Note - Rematch connections is selected by default.

For more information, see SIP Security Rules.

Name              | Source      | Destination | Services & Applications         | Action
Name of your rule | InternalNet | InternalNet | sip, sip_dynamic_ports, sip_tcp | Accept

Note - You can adjust the header fields for your needs.
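
A check for two properties this section states, the VoIP rule at the top of the Security Policy and the three SIP services in the rule table, written as an added example that is not Check Point code. The rule-base layout is an assumed, simplified listing (top rule first) and the sample rules are constructed.

```python
# Added example: checks a rule-base listing against the VoIP rule on this page.
# The dict layout is an assumed, simplified listing (top rule first), not a
# Check Point file format. Service names are the ones shown in the rule table.
SIP_SERVICES = {"sip", "sip_dynamic_ports", "sip_tcp"}


def check_voip_rule(rulebase):
    """Return a list of findings; an empty list means the rule base matches."""
    # The VoIP rule is the first rule that references any SIP service.
    idx = next((i for i, r in enumerate(rulebase)
                if SIP_SERVICES & set(r["services"])), None)
    if idx is None:
        return ["no rule references a SIP service"]
    rule, findings = rulebase[idx], []
    if idx != 0:
        # Rules above the VoIP rule are matched first, so name them.
        above = ", ".join(r["name"] for r in rulebase[:idx])
        findings.append(f"VoIP rule is at position {idx + 1}, below: {above}")
    missing = SIP_SERVICES - set(rule["services"])
    if missing:
        findings.append("missing services: " + ", ".join(sorted(missing)))
    if rule["action"] != "Accept":
        findings.append(f"action is {rule['action']}, expected Accept")
    return findings


# Constructed sample data: one rule base that follows the page, one that does not.
GOOD = [
    {"name": "VoIP", "source": "InternalNet", "destination": "InternalNet",
     "services": ["sip", "sip_dynamic_ports", "sip_tcp"], "action": "Accept"},
    {"name": "Cleanup", "source": "Any", "destination": "Any",
     "services": ["Any"], "action": "Drop"},
]
BAD = [
    {"name": "Cleanup", "source": "Any", "destination": "Any",
     "services": ["Any"], "action": "Drop"},
    {"name": "VoIP", "source": "InternalNet", "destination": "InternalNet",
     "services": ["sip", "sip_dynamic_ports"], "action": "Accept"},
]

if __name__ == "__main__":
    for label, rb in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_voip_rule(rb) or "ok")
```
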

Step 6 - Testing the Configuration

Make phone calls to test the configuration.

Check the log results in the Logs & Monitor tab in SmartConsole.

To see the VoIP logs:

  1. From SmartConsole, go to the Logs & Monitor tab.
  2. Click Queries at the top of the screen.
  3. Under Predefined queries, select Access.