Page tree
Skip to end of metadata
Go to start of metadata

Description:

This article will outline how to do the following:

  • Configure a Juniper SRX series firewalls for Audian service

Methods:

 Disable SIP ALG

To disable SIP ALG, run these commands:
#edit
# set security alg sip disable
# commit

Running this command will show if this works:
#run show security alg status

You should see this:
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Disabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled

 Add Audian IP Addresses

To setup our IP's we need this config:

[edit security address-book]
+   EXT_AB {
+       address SIP_1 54.148.70.218/32;
+       address SIP_2 54.148.57.6/32;
+       address SIP_3 52.11.88.63/32;
+       address SIP_4 54.149.90.30/32;
+		address SIP_5 52.27.186.140/32;
+		address SIP_6 54.86.30.113/32;
+		address SIP_7 54.144.238.86/32;
+		address SIP_8 34.202.125.217/32;
+		address SIP_9 18.215.197.50/32;
+		address SIP_10 3.13.153.32/32;
+		address SIP_11 3.13.149.205/32;
+		address SIP_12 3.19.84.238/32;
+		address SIP_13 3.86.0.189/32;
+		address SIP_14 3.130.148.40/32;
+       attach {
+           zone untrust;
+       }
+   }
[edit security]
+   alg {
+       sip disable;
+   }
[edit security policies from-zone untrust to-zone trust]
+     policy Audian_SIP_Permit {
+         description Phones;
+         match {
+             source-address [ SIP_1 SIP_2 SIP_3 SIP_4 SIP_5 SIP_6 SIP_7 SIP_8 SIP_9 SIP_10 SIP_11 SIP_12 SIP_13 SIP_14 ];
+             destination-address any;
+             application [ Audian_SIP5060_5082 Audian_SIP11000 Audian_SIP_RTP16384_32768 ];
+         }
+         ## Warning: missing mandatory statement(s): 'then'
+     }
[edit]
+  applications {
+      application Audian_SIP5060_5082 {
+          protocol udp;
+          destination-port 5060-5082;
+      }
+      application Audian_SIP11000 {
+          protocol udp;
+          destination-port 11000;
+      }
+      application Audian_SIP_RTP16384_32768 {
+          protocol udp;
+          destination-port 16384-32768;
+      }
+  }
  • No labels