SIP Application Level Gateway (ALG) for Firewall Traversal
Use a proxy within the (possibly private) network:
Firewall permits SIP and RTP traffic to/from the Application Level Gateway (ALG) proxy. For some recent work in this area see [Zhou 2010].
Slide Notes
[Zhou 2010] B. Zhou and D. Liu, "ALG consideration of SIP", Internet-Draft, IETF Network Working Group, March 1, 2010, Expired: September 2, 2010. http://tools.ietf.org/html/draft-zhou-sip-alg-00
Transcript
[slide380] We can, as I mentioned, use application layer gateways. So now when the media session occurs, we tell the firewall to let it through, we get to our application layer gateway proxy, and then we forward the media session inside. But this means, as you note, that all the signaling has to happen via the proxy. That way it's aware of the contents of the SIP messages, which ports are going to be used. And it can inform the firewall.
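
An added example (not from the lecture or the cited draft) of the step described above: the ALG proxy reads the SDP body of a SIP message it relays, finds the media addresses and ports, and derives the pinholes it would ask the firewall to open. The sample INVITE, the function names and the rule-string format are assumptions made for illustration.

```python
import re

# Constructed sample INVITE (documentation addresses); not taken from the slide.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Call-ID: a84b4c76e66710@192.0.2.10",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10",
    "s=-",
    "c=IN IP4 192.0.2.10",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "m=video 51372 RTP/AVP 31",
    "c=IN IP4 192.0.2.11",
    "m=audio 0 RTP/AVP 8",
]) + "\r\n"

def media_endpoints(sip_message):
    """Return [(media, ip, rtp_port)] for each active stream in the SDP body."""
    head, sep, body = sip_message.partition("\r\n\r\n")
    # "c" is the compact form of the Content-Type header.
    if not sep or not re.search(r"(?im)^(content-type|c)\s*:\s*application/sdp", head):
        return []
    session_ip, streams = None, []
    for line in body.splitlines():
        fields = line[2:].split()
        if line.startswith("c=") and len(fields) == 3:
            ip = fields[2].split("/")[0]      # drop a multicast TTL suffix
            if streams:
                streams[-1][1] = ip           # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m=") and len(fields) >= 3:
            port = fields[1].split("/")[0]    # "49170/2" would denote a port range
            if port.isdigit():
                streams.append([fields[0], None, int(port)])
    # Port 0 marks a disabled stream, so it gets no pinhole.
    return [(m, ip or session_ip, p) for m, ip, p in streams if p and (ip or session_ip)]

def pinholes(sip_message):
    """Rules the ALG would hand to the firewall (hypothetical rule format)."""
    rules = []
    for media, ip, port in media_endpoints(sip_message):
        rules.append(f"permit udp any -> {ip}:{port}  # {media} RTP")
        # Assumption: RTCP uses RTP port + 1 (the usual default when no a=rtcp is given).
        rules.append(f"permit udp any -> {ip}:{port + 1}  # {media} RTCP")
    return rules
```

Because the pinholes come only from messages the proxy has parsed, a media flow whose signaling bypassed the proxy has no matching rule and stays blocked.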