PrepAway - Latest Free Exam Questions & Answers

Which of the following is NOT a method used to configure SIP?

Which of the following is NOT a method used to configure SIP?

PrepAway - Latest Free Exam Questions & Answers

A.
With SIP Proxies.

B.
With a SIP Gatekeeper to a network without a proxy.

C.
From a network without a proxy to a network with a proxy.

D.
With a proxy for internal communications.

E.
Without SIP Proxies.

Explanation:

According to Check Point Management II course book > under page 119, it says that 4 listed
methods are: (1).With Proxies (2).Without Proxis (3)From a Network without proxy to a network
with Proxies (4).With a proxy for internal communication.
Configuring FireWall-1 and VoIP with SIP
There are a few different ways to configure VoIP with SIP. You can configure
SIP using a SIP proxy on one or both ends of the connection, or you can use
a SIP redirect server to provide DNS services to map IP addresses to SIP
URLs. You can also configure SIP without using proxies. Figure below depicts
these three proxy scenarios.

Configuring Objects
Before configuring specific VoIP objects to the firewall, you must define
Address Range or Network objects that represent the network of IP-based
phones. You could also create Host Node objects to represent each phone
and then put all the Host Node objects into a group. To create an Address
Range object, follow these steps:
1. Go to Manage _ Network Objects and choose New _ Address Range .
2. Define the range of IP addresses that represent your IP phones, as
shown in Figure below :

To create a group, follow these steps:
1. Go to Manage _ Network Objects and choose New _ Node _ Host.
2. Define an object to represent each individual phone, as depicted in
Figure below :

3. Go to New _ Group _ Simple Group and define the group name.
4. Select the Host Node objects you created and move them into the
In Group column, as shown in Figure below :

5. At this point, if you’re using a SIP proxy or a SIP redirect server, you must
configure a VoIP Domain SIP object by going to Manage _ Network
Objects and clicking New _ VoIP Domains _ VoIP Domain SIP. This
step is demonstrated in Figure below. (We gave the object a name and
then pulled the previously defined Address Range object into the
Related Endpoints Domain pull-down menu. Alternatively, we could
have pulled in the group object.)

6. Pull in the host node object that represents the SIP proxy.
VoIP Global Properties exist as well and should be configured. Figure 5.12
shows the VoIP Global Properties options:
Allow To Re-direct Connections This option must be selected if either
a SIP re-direct or proxy server is being utilized. Turn this option off only
if no proxies or redirect servers are involved.
Allow The Destination To Re-Invite Calls If this option is turned on,
users can take advantage of SIPs ability to initiate a new call while a call
is already in progress.
Maximum Invitations Per Call (From Both Directions) This option is
related to the previous one: It quantifies the maximum number of additional
calls that can be placed while the initial call is still in progress.

Configuring the Rule Base
Creating the objects is the easy part. The tough part is creating the rules
because so many different scenarios can come into play.
If the scenario does not include any proxies, you need only one rule. Figure
5.13 shows that the Source and Destination columns must include your SIP
network range and the SIP network range you wish to communicate with.

Note that the Service column is populated with the SIP UDP service. For
any of the SIP rules, you can select the sip service or the sip_any service. The
differences between these two services are described in Table below

If the scenario includes a proxy on only one side of the connection, then
a rule is needed to allow communication from the VoIP Domain SIP object
(the SIP proxy), to the network object, IP address range, or destination as
shown in Figure below.

If the scenario includes proxies on both sides of the connection, then a rule
is needed to allow the SIP proxies to communicate as shown in Figure below.

After determining what rules are needed for your scenario and configuring
your rule base, all that is required is to verify and install your policy and
start talking.


Leave a Reply