Juniper SRX240 - VoIP.ms Wiki

Check out our YouTube channel to watch our simple tutorials that will help you set up most of our features.

Juniper SRX240

From VoIP.ms Wiki

(Difference between revisions)
Jump to: navigation, search
[quality revision][quality revision]
(The '''Juniper SRX Series''' services gateways provide a [https://www.juniper.net/us/en/products-services/security/srx-series/ hardware firewall platform] for installation in Internet data centres.)
 
Line 1: Line 1:
 +
The '''Juniper SRX Series''' services gateways provide a [https://www.juniper.net/us/en/products-services/security/srx-series/ hardware firewall platform] for installation in Internet data centres.
 +
 +
==Configuration==
Because of a NAT persistence need in the Juniper SRX series, in order to get VOIP calls to run properly, you need to get a few things done. <br>
Because of a NAT persistence need in the Juniper SRX series, in order to get VOIP calls to run properly, you need to get a few things done. <br>
1. Make sure you have disabled SIP ALG before beginning. <br>
1. Make sure you have disabled SIP ALG before beginning. <br>
Line 25: Line 28:
                                 }
                                 }
  </nowiki>
  </nowiki>
 +
 +
[[Category:Networking Devices]]

Latest revision as of 14:14, 5 October 2016

The Juniper SRX Series services gateways provide a hardware firewall platform for installation in Internet data centres.

Configuration

Because of a NAT persistence need in the Juniper SRX series, in order to get VOIP calls to run properly, you need to get a few things done.
1. Make sure you have disabled SIP ALG before beginning.
2. In the CLI run "set security nat source interface port-overloading off" without the quotes.
3. You need to enable nat persistance in the srx's source nat transaltion config. This can be done via the gui too.
Config output from CLI example:

nat {
        source {
            interface {
                port-overloading off;
            }
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface {
                                persistent-nat {
                                    permit any-remote-host;
                                }
 
Personal tools
Namespaces
Variants
Actions
VoIP.ms Blog
Guides (Français)
Guías (Español)