Announcement

Sip

Are you doing NAT at the firewall?

Don't you mean in front of the firewall, behind would be in your LAN. If you are conducting SIP through a firewall, you need to make sure your firewall supports SIP.

Nat

Most firewalls do not handle SIP at all, 99.9% of them don't handle it correctly.

Exactly

Its weird. Im using a SonicWall TZ170 which claims to have full SIP support. When i watch the logs on the firewall i see the request from the phone, i see the phone register at the firewall ex:[email protected] SIP endpoint added), i then see the translation for the phone to register at the ShoreTel SIP Proxy Virtual IP ([email protected] translated to [email protected]). Then the next log shows the termination of the endpoint. It looks like the traffic is making it to where it needs to go, just not registering. I didn't know if anybody else was trying to add SIP extensions in front of their firewall.
Thanks for the replies guys. I will continue to adjust until I get there!

SIP Issues

As another has already pointed out, most firewalls, particularly the low end sonicwall, are not truely sip aware. Registration takes place on a specific port; the media stream, however can be all over the RTP map! You would have to make so many ports open, that you would not have a firewall left! SIP aware firewalls are able to monitor the flow between registered end points looking at the source and destination ports to open/close RTP sessions as required. That takes a fairly sophisticated firewall. ShoreTel currently supports the Siperator by Ingate. CISCO ASA does a nice job, but I dont think they will be on the ShoreTel partner support page. Optionally, you can build a SIP tie line to a Linux box running Asterisk and let the askterisk box handle the interface to the SIP ISP. We have had great results with that strategy; it also enables us to handle 7920 SCCP wireles phones as Asterisk supports skinny.