You can verify if your router is SIP ALG ENABLED by downloading and running our SIP ALG TESTER Program:
Step 1: Create a “Static NAT (SNAT)”
First, configure the Static NAT to forward incoming traffic from the Static Public IP to the local IP of the PBX:
- Navigate to Firebox® UI > Firewall > SNAT and click Add.
- Name the SNAT Policy, e.g., “VANTACT_SNAT”.
- Select Static NAT.
- Under SNAT Members, click Add.
- Select the External Static IP from the drop-down menu. (e.g., the external IP is 192.168.3.55 used to NAT inbound traffic to the PBX).
- Enter the Internal/Private IP address of the PBX (e.g., 192.168.4.40) and click OK.
- Click Save to activate the SNAT Policy.
Step 2: Create Firewall Policy
After setting up the Static NAT, configure the Firewall Policy:
- Navigate to Firebox® > Firewall > Firewall Policies and click Add Policy.
- Name the Policy, e.g., “VANTACT_Services”.
- Select Custom as the “Policy Type” and click Add.
- Name the Policy Template, e.g., “VANTACT_Ports”.
- Use the Add button under Protocols to add a custom list of ports to allow connections to the PBX:
- SIP: 5060-5061 TCP
- RTP: 40000-65000 UDP
- Choose Single Port or Port Range as needed. After setting all ports, click Save.
- Remove the default From and To objects.
- Under From, click Add.
- Select Any External from the drop-down menu and click OK.
- Under To, click Add.
- Select Static NAT from the drop-down menu.
- Choose the previously created SNAT (e.g., “VANTACT_SNAT”) and click OK.
The Firewall Policy should look like this:
Note: Using “Any External” allows any host to connect to the public IP Address of the PBX. To restrict the source of incoming traffic, create a group of allowed IPs under “From”.