Opening Dynamic Ports for SIP Signaling

The sip_dynamic_ports service enables ports to open dynamically for SIP signaling. As a result, SIP connections can still be established on a port that is not configured by one of the SIP services. The Check Point Security Gateway opens and closes ports based on the inspection of SIP signaling messages.

Add the sip_dynamic_ports service to the Services & Applications column of the Rule Base when:

  • You use a non-default port.

  • The phones register themselves as a SIP server by associating their phone number with an unknown port.

    For example:

    A registration request for phone number 2001 with IP address 172.16.8.3 and port 3000 carries this Contact header field:

    Contact: <sip:2001@172.16.8.3:3000;rinstance=64d25786c64e7975>;expires=3600

    The rport parameter is found in the Via header field when the port is relocated.

    For example:

    Via: SIP/2.0/TCP 172.16.8.3:5060;branch=z9hG4bK-1193792f8039818cd82e34eec4112ae8;rport=4039

See RFC 3581 - An Extension to the Session Initiation Protocol (SIP) for Symmetric Response Routing.
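
An added example, not part of the Check Point documentation: a short Python check that reads a SIP message and lists every Contact port, Via port, or Via rport value outside the standard SIP ports, which is the signaling that sip_dynamic_ports is meant to cover. The sample message is constructed from the two header lines above; the function and constant names are hypothetical, and the check assumes IPv4 or hostname addresses with one value per header line.

```python
import re

# Standard SIP ports (5060, and 5061 for TLS). Assumption: these are the
# ports already matched by the other SIP services in the rule.
STANDARD_SIP_PORTS = {5060, 5061}

CONTACT_URI = re.compile(r"sips?:(?:[^@>\s]+@)?([^:;>\s]+)(?::(\d+))?")
VIA_SENT_BY = re.compile(r"SIP/2\.0/\w+\s+([^:;\s]+)(?::(\d+))?(.*)")
RPORT_VALUE = re.compile(r";\s*rport=(\d+)")

# Constructed sample: the two header values shown above, placed in a
# REGISTER whose request line (172.16.8.1) is made up for the example.
SAMPLE_REGISTER = (
    "REGISTER sip:172.16.8.1 SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 172.16.8.3:5060;branch=z9hG4bK-1193792f8039818cd82e34eec4112ae8;rport=4039\r\n"
    "Contact: <sip:2001@172.16.8.3:3000;rinstance=64d25786c64e7975>;expires=3600\r\n"
    "\r\n"
)

def headers(message):
    """Yield (lowercased name, value) for each header up to the blank line."""
    for line in message.split("\r\n")[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        yield name.strip().lower(), value.strip()

def non_standard_ports(message):
    """Return (field, host, port) for every port outside STANDARD_SIP_PORTS."""
    found = []
    def note(field, host, port):
        if port and int(port) not in STANDARD_SIP_PORTS:
            found.append((field, host, int(port)))
    for name, value in headers(message):
        if name in ("contact", "m"):          # "m" is the compact form
            m = CONTACT_URI.search(value)
            if m:
                note("contact", m.group(1), m.group(2))
        elif name in ("via", "v"):            # "v" is the compact form
            m = VIA_SENT_BY.match(value)
            if m:
                note("via", m.group(1), m.group(2))
                rport = RPORT_VALUE.search(m.group(3))
                # A bare ";rport" (request form, RFC 3581) carries no port.
                note("via-rport", m.group(1), rport.group(1) if rport else None)
    return found

if __name__ == "__main__":
    for finding in non_standard_ports(SAMPLE_REGISTER):
        print(finding)
```

An empty result means the message uses only standard ports in these fields.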

Note - Use the sip_dynamic_ports service with at least one other SIP service in a rule.

Sample Rule With the sip_dynamic_ports Service

Example of SIP UDP rule:

Source                  Destination             Services & Applications      Action
SIP_phone, SIP_server   SIP_server, SIP_phone   udp:sip, sip_dynamic_ports   Accept

  • SIP_phone is the IP address of the SIP phone.

  • SIP_server is the IP address of the SIP server.