Enabling VoIP Traffic

Introduction

Voice over Internet Protocol (VoIP) is a technology for delivering voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. There are two primary delivery methods: private or on-premises solutions, or externally hosted solutions delivered by third-party providers.

VoIP is supported on all Quantum Spark appliances.

To configure VoIP in the WebUI:

  1. Go to Access Policy > Firewall Blade Control.

  2. Under Access Policy Control > Firewall Policy, click the Configure link next to VoIP.

    The VoIP window opens.

  3. If VoIP is already configured, you can edit or disable/enable the current configuration.

    If VoIP is not yet configured:

  4. For Off-premise SIP Provider Service:

    1. Click the checkbox for Use SIP Provider – You are assigned a single IP or a range of servers with external IPs.

    2. Enter the IP address.

    3. Select whether to log traffic from this provider.

    4. Select whether to disable SIP traffic inspection. When this setting is enabled, application-level inspection and NAT of the SIP protocol are allowed.

  5. For On-premise Devices, select one of these options and enter the IP address:

    • Use on-premise phones without SIP server (PBX). When no SIP Server Provider is defined, you do not need to define IP addresses for on-premise phones.

    • Use on-premise SIP server (PBX). Click the checkbox to allow access to PBX management portal from the Internet.

  6. For Off-premise phones, select one or more of these options:

    Note - The relevant topology shows automatically for each selection.

    • Phones are connected via VPN Site to Site.

    • Phones are connected by VPN Remote Access.

    • Phones are configured with public IP. Enter the name of the external phone and the IP address.

  7. For SIP Service, select the SIP UDP/TCP ports, which by default are 5060. All phones should be configured to use the configured ports.

After you apply these settings, rules are automatically created in the Firewall Access Policy page for Outgoing access to the Internet and Incoming, Internal and VPN traffic.

Notes:

  • For an on-premise configuration without PBX, the destination should be the IP_Phones object.

  • If you allow access to the PBX portal, another rule is created: “Any, PBX-Server, HTTP/S, Accept, None, Generated rule: SIP VOIP”

Forwarding rules are automatically created in the Access Policy > NAT Rules page.

Note - For external phones with remote access, the Office Object is automatically created in the Network Objects section and the set back connection setting is set to true.

Follow these configuration procedures to allow SIP traffic to pass through the gateway when:

  • The SIP server is located on external networks. For more advanced topologies, refer to sk113573.

  • The gateway's NAT configuration is set to its default settings (with internal networks hidden behind its external IP address).

Configuration

To allow the SIP server to connect to internal phones from the Internet:

  1. Go to Access Policy > Policy.

  2. Add a rule to the Incoming, Internal and VPN traffic Rule Base that allows SIP traffic.

    • Source - A network object that holds the IP address of the SIP server.

    • Destination - A network object that holds the IP addresses of the phones behind the gateway.

    • Service - SIP

    • Action - Accept

    For more information, see Working with the Firewall Access Policy.

  3. Optional - Configure a log for this rule.
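
The following added example (not Check Point code or output) models the manual SIP rule above alongside the generated PBX portal rule quoted in the Notes, then checks which constructed connections each rule admits and flags Accept rules that are open to Any or unlogged. The column order of the rule text, the addresses, the SIP-Provider object name, and the drop-on-no-match behavior are assumptions made for illustration.

```python
import ipaddress

# Constructed objects; only PBX-Server and IP_Phones are names from the page.
OBJECTS = {
    "Any": ["0.0.0.0/0"],
    "SIP-Provider": ["203.0.113.10/32"],   # hypothetical provider address
    "IP_Phones": ["192.168.1.64/27"],
    "PBX-Server": ["192.168.1.10/32"],
}
# SIP uses the default port 5060 (UDP/TCP) stated on the page.
SERVICES = {"SIP": {("udp", 5060), ("tcp", 5060)},
            "HTTP/S": {("tcp", 80), ("tcp", 443)}}

RULES_TEXT = [
    "SIP-Provider, IP_Phones, SIP, Accept, Log, Manual rule",           # constructed
    "Any, PBX-Server, HTTP/S, Accept, None, Generated rule: SIP VOIP",  # from the page
]

def parse_rule(line):
    # Assumed column order: source, destination, service, action, log, comment.
    keys = ("src", "dst", "svc", "action", "log", "comment")
    return dict(zip(keys, (f.strip() for f in line.split(",", 5))))

def in_object(ip, name):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in OBJECTS[name])

def first_match(rules, src, dst, proto, port):
    """Action of the first matching rule; unmatched traffic is dropped in this model."""
    for r in rules:
        if (in_object(src, r["src"]) and in_object(dst, r["dst"])
                and (proto, port) in SERVICES[r["svc"]]):
            return r["action"]
    return "Drop"

def audit(rules):
    """Return (comment, issue) pairs for Accept rules open to Any or not logged."""
    findings = []
    for r in rules:
        if r["action"] != "Accept":
            continue
        if r["src"] == "Any":
            findings.append((r["comment"], "source is Any"))
        if r["log"] == "None":
            findings.append((r["comment"], "not logged"))
    return findings

RULES = [parse_rule(line) for line in RULES_TEXT]
```

In this model, SIP from an address outside the provider object is dropped, while the PBX portal rule accepts HTTP/S from any Internet source, which is the exposure to weigh before enabling that checkbox.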