Zyxel sip alg, Sip alg and nat, Sip alg and firewall – ZyXEL Communications ZyXEL ZyWALL 35 User Manual

ZyWALL 35 User’s Guide

Appendix J SIP Passthrough

627

ZyXEL SIP ALG

• SIP clients can be connected to the LAN, WLAN or DMZ. A SIP server must be on the

WAN. The WLAN and DMZ are not available on all models.

• You can make and receive calls between the LAN and the WAN, between the WLAN

and the WAN and/or between the DMZ and the WAN. You cannot make a call between
the LAN and the LAN, between the LAN and the DMZ, between the LAN and the
WLAN, between the DMZ and the DMZ, and so on.

• The SIP ALG allows UDP packets with a port 5060 destination to pass through.
• The ZyWALL allows SIP audio connections.

Figure 397 ZyWALL SIP ALG

SIP ALG and NAT

The ZyWALL dynamically creates an implicit port forwarding rule for SIP traffic from the
WAN to the LAN.

The SIP ALG on the ZyWALL supports all NAT mapping types, including One to One,
Many to One, Many to Many Overload and Many One to One.

SIP ALG and Firewall

The ZyWALL creates an implicit temporary firewall rule for the dynamic RTP port on the
WAN to the SIP client device on the LAN. The firewall rule is created for both directions to
allow voice packets. The firewall rule is deleted when the call is terminated.

SIP ALG and Multiple WAN

When the ZyWALL has two WAN ports and uses the second highest priority WAN port as a
back up, it drops SIP connections when the primary WAN port connection fails. The
ZyWALL does not automatically change the SIP connection to the secondary WAN port.

Signaling session

over UDP port 5060

Audio session using RTP