How the SIP ALG translates IP addresses in the SIP body

How the SIP ALG translates IP addresses in the SIP body

The SDP session profile attributes in the SIP body include IP addresses and port numbers that the SIP ALG uses to create pinholes for the media stream.

The SIP ALG translates IP addresses and port numbers in the o=, c=, and m= SDP lines. For example, in the following lines the ALG could translate the IP addresses in the o= and c= lines and the port number (49170) in the m= line.

o=PhoneA 5462346 332134 IN IP4 10.31.101.20 c=IN IP4 10.31.101.20

m=audio 49170 RTP 0 3

If the SDP session profile includes multiple RTP media streams, the SIP ALG opens pinholes and performs the required address translation for each one.

The two most important SDP attributes for the SIP ALG are c= and m=. The c= attribute is the connection information attribute. This field can appear at the session or media level. The syntax of the connection attribute is:

Where

c=IN {IPV4 | IPV6} <destination_ip_address>

  • IN is the network type. FortiGate units support the IN or Internet network type.
  • {IPV4 | IPV6} is the address type. FortiGate units support IPv4 or IPv6 addresses in SDP statements.

However, FortiGate units do not support all types of IPv6 address translation. See “SIP over IPv6”.

  • <destination_IP_address> is the unicast numeric destination IP address or domain name of the connection in either IPv4 or IPv6 format.

The syntax of the media attribute is:

Where

m=audio <port_number> RTP <format_list>

  • audio is the media type. FortiGate units support the audio media type.
  • <port_number> is the destination port number used by the media stream.
  • RTP is the application layer transport protocol used for the media stream. FortiGate units support the Real Time Protocol (RTP) transport protocol.
  • <format_list> is the format list that provides information about the application layer protocol that the media uses.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Leave a Reply

Name *
Email *
Website