Enabling VoIP Traffic


Follow these configuration procedures to allow SIP traffic to pass through the gateway when:

  • The SIP server is located on external networks. For more advanced topologies, refer to sk113573.

  • The gateway's NAT configuration is set to its default settings (with internal networks hidden behind its external IP address).


To allow application-level inspection and NAT of the SIP protocol:

  1. Go to Users & Objects > Services.

  2. Edit the SIP_UDP and SIP_TCP built in services by enabling SIP inspection on both services - Clear the Disable inspection for this service checkbox in each service object. For more details, see Viewing System Information.

To allow the SIP server to connect to internal phones from the Internet:

  1. Go to Access Policy > Policy.

  2. Add a rule to the Incoming, Internal and VPN traffic Rule Base that allows SIP traffic.

    Source - A network object that holds the IP address of the SIP server.

    Destination - A network object that holds the IP addresses of the phones behind the gateway

    Service - SIP

    Action - Accept

    For more information, see Working with the Firewall Access Policy.

  3. Optional - Configure a log for this rule.