Opening Dynamic Ports for SIP Signaling

sip_dynamic_ports enables ports to open dynamically for SIP signaling. Therefore, if there is a port that is not Configured by one of the SIP services, it can still establish SIP connections. The Check Point Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. opens and closes ports based on the inspection of SIP signaling messages.

Add the sip_dynamic_ports service to the Services & Applications column of the Rule Base All rules configured in a given Security Policy. Synonym: Rulebase. when:

• You use a non-default port.

• The phones register themselves as a SIP server by associating their phone number with an unknown port.

  For example:

  A registration request for phone number 2001 with IP address 172.16.8.3 port 3000. An example of this contact header field is:

  Contact: <sip:2001@172.16.8.3:3000;rinstance=64d25786c64e7975>;expires=3600

  The rport parameter is found in the Via header field when the port is relocated.

  For example:

  Via: SIP/2.0/TCP 172.16.8.3:5060;branch=z9hG4bK-1193792f8039818cd82e34eec4112ae8;rport=4039

See RFC 3581 - An Extension to the Session Initiation Protocol (SIP) for Symmetric Response Routing.

Note - Use the sip_dynamic_ports service with at least one other SIP service in a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..

Sample Rule With the sip_dynamic_ports Service

Example of SIP UDP rule:

Source	Destination	Services & Applications	Action
SIP_phone SIP_server	SIP_server SIP_phone	udp:sip sip_dynamic_ports	Accept

• SIP_phone is the IP address of the SIP phone.

• SIP_server is the IP address of the SIP server.