Manual Chapter :
Configuring a SIP Message Routing Firewall
Applies To:
Show VersionsBIG-IP LTM
- 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Overview: Configuring a SIP message routing firewall
You can use the BIG-IP® system Session Initiation Protocol (SIP) message
routing functionality in a firewall configuration to provide stateful handling of SIP
communication and media flows. A virtual server handles the SIP communications and related media
flows, allowing them to pass through otherwise restrictive firewall rules. You configure a Local
Traffic message routing SIP profile, router profile, and virtual server, and then use that
configuration with an Advanced Firewall Manager™ (AFM™)
DoS profile. In this firewall configuration, the SIP session profile, SIP router profile, and
virtual server use Application Level Gateway (ALG) functionality, where the BIG-IP system does
not perform address translation or subscriber registration tracking.
Note: When using ALG functionality, you cannot use a
SIP router profile with an operation mode that is configured to use load balancing settings.
Instead, you need to use a SIP router profile with the operation mode configured to use
Application Level Gateway settings.
A SIP firewall configuration
Task summary
Creating a SIP ALG router profile
You can create a SIP router profile with mirroring functionality for a SIP ALG
firewall configuration.
Note: If you do not want to configure mirroring functionality,
you can configure a virtual server to use the default settings provided in the
preconfigured siprouter-alg profile.
A SIP router profile appears in the Router Profiles list.
Creating a virtual server for SIP firewall
Before you start this task, ensure that a SIP Session Profile, configured for a
firewall, and a SIP Router Profile, configured for Application Level Gateway, exist in
the BIG-IP® system configuration.
You can create a virtual server to handle SIP communications and related media
flows, allowing them to pass through otherwise restrictive firewall rules.
A message routing virtual server is configured to handle SIP firewall communication
as defined by the SIP Session Profile and Router Profile.
You can configure a DoS Profile in Advanced Firewall Manager™
(AFM™) to use this virtual server.