Hello,
What are the policies to apply in order to secure a network with Voip context?
Which ports must be openned for signalling and which ports must be openned for rtp traffic incoming/outgoing ?
Regards Harry
___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com
That depends on the software you will use. Usually ser listens and sends on port 5060. Many SIP clients use dynamic ports for SIP and for RTP.
Thus, for a SIP proxy allow: incoming: *:* -> ser.ip.address:5060 outgoing: ser.ip.address:5060 -> *:*
If oyu use mediaproxy/rtpproxy, you have allow traffic from/to the ports used by the rtpproxy.
Also make sure to allow DNS, and radius/mysql/postgres if needed.
klaus
harry gaillac wrote:
Hello,
What are the policies to apply in order to secure a network with Voip context?
Which ports must be openned for signalling and which ports must be openned for rtp traffic incoming/outgoing ?
Regards Harry
___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
Hello,
I use a media proxy so 5060 is opened for signalling (incoming/outgoing)
for outgoing media I open ports according to media proxy.
However which port range can i open 1024 to 65535 for incoming calls
Harry --- Klaus Darilion klaus.mailinglists@pernau.at a écrit :
That depends on the software you will use. Usually ser listens and sends on port 5060. Many SIP clients use dynamic ports for SIP and for RTP.
Thus, for a SIP proxy allow: incoming: *:* -> ser.ip.address:5060 outgoing: ser.ip.address:5060 -> *:*
If oyu use mediaproxy/rtpproxy, you have allow traffic from/to the ports used by the rtpproxy.
Also make sure to allow DNS, and radius/mysql/postgres if needed.
klaus
harry gaillac wrote:
Hello,
What are the policies to apply in order to secure
a
network with Voip context?
Which ports must be openned for signalling and
which
ports must be openned for rtp traffic incoming/outgoing ?
Regards Harry
___________________________________________________________________________
Appel audio GRATUIT partout dans le monde avec le
nouveau Yahoo! Messenger
Téléchargez cette version sur
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com
harry gaillac wrote:
Hello,
I use a media proxy so 5060 is opened for signalling (incoming/outgoing)
for outgoing media I open ports according to media proxy.
However which port range can i open 1024 to 65535 for incoming calls
I would do so
klaus
Harry --- Klaus Darilion klaus.mailinglists@pernau.at a écrit :
That depends on the software you will use. Usually ser listens and sends on port 5060. Many SIP clients use dynamic ports for SIP and for RTP.
Thus, for a SIP proxy allow: incoming: *:* -> ser.ip.address:5060 outgoing: ser.ip.address:5060 -> *:*
If oyu use mediaproxy/rtpproxy, you have allow traffic from/to the ports used by the rtpproxy.
Also make sure to allow DNS, and radius/mysql/postgres if needed.
klaus
harry gaillac wrote:
Hello,
What are the policies to apply in order to secure
a
network with Voip context?
Which ports must be openned for signalling and
which
ports must be openned for rtp traffic incoming/outgoing ?
Regards Harry
Appel audio GRATUIT partout dans le monde avec le
nouveau Yahoo! Messenger
Téléchargez cette version sur
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
___________________________________________________________________________ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com
-
harry gaillac -
Klaus Darilion