2020-05-18T12:09:00Z

Should I configure SIP or NAT traversal technologies on my firewall?


Why or why not? If so, which are the best providers for this configuration?

ITCS user

Top 10, Real User

If you have SIP phones that need to access the PABX from the WAN (internet), you need to forward SIP from the WAN to the LAN PABX.

If you have more than 2 devices that need to share the same internet connection, you have to enable NAT.

Devices that support NAT include the following:

1. Any broadband router (Cisco, D-Link, TP-Link, Linksys, Asus, etc.)
2. Firewall/Router/VPN (FortiGate, Cisco, SonicWall, Palo Alto, WatchGuard, etc.)

My preference is FortiGate. It supports SIP, NAT Configuration & VPN in the same appliance device. SSL VPN is free of charge included with the devices.

2020-05-20T09:14:14Z
Top 10, Real User

SIP is a protocol used for session management in VoIP or video communication. On the other hand, NAT traversal is a technique used to maintain connectivity over networks where NAT is used. You are probably looking to implement VoIP in your network, if I'm not mistaken. There is no choice here because some VoIP devices require the implicit use of the SIP protocol. That is what they use to initiate, manage, and terminate sessions.

While there are some vendors that use their proprietary protocol, a SIP-like protocol is necessary regardless. And about NAT traversal: if you have a NAT device or a firewall that implements NAT in between or as a gateway, NAT traversal must be used to make sure your communication works, because in VoIP communication the client also acts as a server, meaning the communication has to be both ways. When there is a NAT in between, the NAT masquerades the original IP, so there is a probability that the communication may fail. However, some VoIP solutions have their own mechanism to bypass NAT and maintain communication, while some require NAT traversal to be configured on the firewall.

2020-05-20T03:55:40Z
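An added example, not part of the thread, illustrating the answer above on why NAT breaks SIP: the firewall rewrites the packet's source IP, but the addresses the phone wrote into the Via and Contact headers and the SDP `c=` line stay private, so replies and RTP are sent to an unreachable address. The INVITE, all addresses and the function `nat_findings` are constructed for illustration; the "differs from the packet source" check is a heuristic and would also flag a legitimate upstream proxy's Via.

```python
import ipaddress
import re

# Constructed sample: an INVITE as seen by a server on the internet after the
# sender's firewall applied source NAT. Only the IP header was rewritten.
SAMPLE_INVITE = (
    "INVITE sip:200@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:100@pbx.example.com>;tag=1928301774\r\n"
    "To: <sip:200@pbx.example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.50\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:100@192.168.1.50:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 0 0 IN IP4 192.168.1.50\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.50\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Where a SIP endpoint tells its peer "reply to me here" (signaling and media).
FIELDS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)", re.I | re.M),
    "Contact": re.compile(r"^Contact:.*?@([\d.]+)", re.I | re.M),
    "SDP c=": re.compile(r"^c=IN IP4 ([\d.]+)", re.M),
}

def nat_findings(message, observed_source):
    """Return (field, address) pairs that are RFC 1918 or differ from the packet source."""
    source = ipaddress.ip_address(observed_source)
    findings = []
    for field, pattern in FIELDS.items():
        match = pattern.search(message)
        if not match:
            continue
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # not a literal IPv4 address (e.g. a hostname)
        if addr != source or any(addr in net for net in RFC1918):
            findings.append((field, str(addr)))
    return findings
```

An empty result is what the message looks like once a NAT-aware client, a SIP ALG or a SIP proxy has put the public address into those fields.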
Top 5, User

What is the reason for doing SIP, in addition to IP PBX? If it's only that, any router can handle that service via NAT, but if it is another scenario!

- What is your organization size?
- How many users do you have?
- Do you already have an internal router or did your Internet Service Provider give you one? If so, can you handle that router?
- What kind of service do you need via that router?
- What's your budget?

This is not a simple question to answer, but if you want a whole scenario solution, I'd probably choose an internal router doing NAT.

2021-08-23T16:47:56Z
Real User

NAT: an ISP normally provides one public IP to subscribers, and for many devices to connect to the internet, this single public IP address is shared among them. The traversal technique is to do UDP encapsulation to allow traffic to reach the destination device, which does not have a public address.

SIP traversal is mainly used when we have SIP phones which are registered to a remote IPBX; to keep the connection live and keep the signaling link between the phones and the SIP registrar, SIP traversal comes into play.

I have mainly used this SIP traversal option on Cyberoam / Sophos firewalls, and believe me, it works like a charm.

2020-05-19T18:04:29Z
Top 10, Real User

NAT is always good for security concerns, as to some extent it hides internal networks.

SIP can be used with port forwarding too (it works). Here I mean SIP (Session Initiation Protocol in VoIP phones).

Also, I suggest you refer to your firewall docs.

2021-08-25T03:07:52Z
Top 5, Real User

The question is too vague.

Need more details such as:

What devices are you using or what is your budget for devices?

What are you aiming to do?

2021-08-24T18:08:38Z
Consultant

"For SIP it is best to use SIP proxy technologies (for example Cisco CUBE). It is much more secure and has an advantage in that the external traffic stops in the Gateway which in turn will make another connection to the inside. Thus, any DoS attack will only affect the gateway and not the applications and internal communications.

Another advantage of the SIP proxy is that reconfigurations and transformations specific to incompatible SIP sessions (DSP transcoding) can be performed on the gateway.

On the other hand, NAT traversal has the advantage of being a cheap solution, with only security facilities and not for improving the parameters of RTP and voice signaling."

2020-05-21T14:32:40Z
Real User

SIP is a VoIP telephony protocol; it is not a firewall configuration. In the firewall, the only item you can configure is SIP ALG in disabled or enabled mode. You can configure NAT Traversal when you need to implement site-to-site VPN where the VPN hub is behind a router.

2020-05-20T01:58:26Z
Real User

The business need should always be part of the equation. If you have a business need for SIP in addition to perimeter security, then use a firewall with SIP protection, such as a FortiGate running version 6.x.

If you only need a SIP gateway then there are several dedicated gateways that are available, but I am not familiar enough to recommend a brand.

2020-05-19T17:54:09Z
User

There are lots of blogs on this topic. That will be your best resource.

2020-05-19T15:46:26Z
User

You should configure NAT on your firewall; this is for securing the internal network (LAN) from the external network (WAN).

SIP is a protocol for Voice over IP in digital networks.

2020-05-19T14:31:48Z