Filter
Top Products
Chapter 15 ALG
ZyWALL 110/310/1100 Series User’s Guide
235
Peer-to-Peer Calls and the ZyWALL
The ZyWALL ALG can allow peer-to-peer VoIP calls for both H.323 and SIP. You must configure the
firewall and NAT (port forwarding) to allow incoming (peer-to-peer) calls from the WAN to a private
IP address on the LAN (or DMZ).
VoIP Calls from the WAN with Multiple Outgoing Calls
When you configure the firewall and NAT (port forwarding) to allow calls from the WAN to a specific
IP address on the LAN, you can also use policy routing to have H.323 (or SIP) calls from other LAN
or DMZ IP addresses go out through a different WAN IP address. The policy routing lets the ZyWALL
correctly forward the return traffic for the calls initiated from the LAN IP addresses.
For example, you configure the firewall and NAT to allow LAN IP address A to receive calls from the
Internet through WAN IP address 1. You also use a policy route to have LAN IP address A make
calls out through WAN IP address 1. Configure another policy route to have H.323 (or SIP) calls
from LAN IP addresses B and C go out through WAN IP address 2. Even though only LAN IP address
A can receive incoming calls from the Internet, LAN IP addresses B and C can still make calls out to
the Internet.
Figure 137 VoIP Calls from the WAN with Multiple Outgoing Calls
VoIP with Multiple WAN IP Addresses
With multiple WAN IP addresses on the ZyWALL, you can configure different firewall and NAT (port
forwarding) rules to allow incoming calls from each WAN IP address to go to a specific IP address on
the LAN (or DMZ). Use policy routing to have the H.323 (or SIP) calls from each of those LAN or
DMZ IP addresses go out through the same WAN IP address that calls come in on. The policy
routing lets the ZyWALL correctly forward the return traffic for the calls initiated from the LAN IP
addresses.
For example, you configure firewall and NAT rules to allow LAN IP address A to receive calls through
public WAN IP address 1. You configure different firewall and port forwarding rules to allow LAN IP
address B to receive calls through public WAN IP address 2. You configure corresponding policy
routes to have calls from LAN IP address A go out through WAN IP address
1 and calls from LAN IP
address B go out through WAN IP address 2.