Applies To:Show Versions
Configuring a SIP Message Routing Firewall
Overview: Configuring a SIP message routing firewall
Creating a SIP ALG router profile
- On the Main tab, click.The SIP session profiles list screen opens.
- On the menu bar, clickRouter Profiles.The Router Profiles list screen opens.
- ClickCreate.The New Router Profiles screen opens.
- In theNamefield, type a unique name for the router profile.
- In the Settings area, select theCustomcheck box.
- From theOperation Modelist, selectApplication Level Gateway.
- To use connection mirroring, configure theTraffic Groupsetting.
Changing traffic groups, with Connection Mirroring enabled, drops all mirrored connections and loses all persistence data. If you change traffic groups, mirroring must restart.The traffic group for the virtual address and mirrored attribute are overwritten by the attached router profile.
- Clear theInherit traffic group from current partition / pathcheck box.
- From the list, select a traffic group, such as,traffic-group-1.
- Select theConnection Mirroringcheck box.For connection mirroring to properly function, this device must be a member of a device group.
- In theMirrored Message Sweeper Intervalfield, type the milliseconds for the frequency of the mirrored message sweeper.
Creating a virtual server for SIP firewall
- On the Main tab, click.The Virtual Server List screen opens.
- ClickCreate.The New Virtual Server screen opens.
- In theNamefield, type a unique name for the virtual server.
- From theTypelist, selectMessage Routing.
- In theSource Addressfield, type0.0.0.0/0for the source address and prefix length.
- In theDestination Addressfield, type the IP address in CIDR format.The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is10.0.0.1or10.0.0.0/24, and an IPv6 address/prefix isffe1::0020/64or2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a/32prefix.The IP address for this field needs to be on the same subnet as the external self-IP.
- In theService Portfield, type5060.
- From theConfigurationlist, selectAdvanced.
- From theApplication Protocollist, selectSIP.
- From theSession Profilelist, select a SIP session profile.For a SIP firewall configuration, you can use thesipsession-algprofile.
- From theRouter Profilelist, select a SIP router profile.For a SIP firewall configuration without mirroring, you can use thesiprouter-algprofile. For a SIP firewall configuration with mirroring, you must use a router profile configured for mirroring.
- Complete the following steps to disable all translation functionality on the virtual server.
- From theSource Address Translationlist, selectNone.
- Clear theAddress Translationcheck box.
- Clear thePort Translationcheck box.