Firewall IP and Bypass

In this example, MRS is located in front of the firewall (from the system perspective). This type of configuration requires Firewall IP and ByPass settings in Call Switching > Locations > MRS Allocations.

The firewall uses different IP addresses (or interfaces) to separate the networks. The office network users have no route to the server network, so the firewall is the nearest visible endpoint. A single NAT location is created for the office users, and Firewall IP and ByPass are defined in that location's MRS allocation settings. With Firewall IP, the office users always stream towards the firewall, which is configured to relay the data to the MRS. The MRS transmits the RTP towards the call target in the server network. The firewall performs port forwarding to relay RTP back to the users. For this reason the MRS needs the ByPass setting: it does not know the real address of the other end until it has received the first packet from the firewall.

Note: When the Firewall IP and ByPass settings are in use, reserve the MRS module for NAT use only.

To configure the NAT location in the System Configurator:

  1. Create a location in Call Switching > Locations. For more information, see the System Configurator document and Managing Locations.

    • Enter Name and Description.

    • Select Network Address Translation (NAT).

    • Define the location contents with either Users, Network Elements, or IP Ranges.

    • To allocate the MRS module for this location, click Add New in the MRS Allocation block and define the following settings. After adding one MRS, click Save in the lower right corner of the block.

      • Choose the MRS module from the list.

      • Enter an integer number for the Priority. The setting is mandatory: if there is only one MRS module in the location, the priority value has no effect, but it must still be entered.

      • Enter the Firewall IP address 10.1.2.1 (the only endpoint that the terminals in the office network see).

      • If nothing is defined for Maximum Number of Simultaneous NAT Streams, the default value 100 is used. The value should be at least the same as the number of simultaneous NAT calls expected to be routed via this MRS.

      • Check the Use Bypass checkbox. With this setting, the MRS waits for the first packet received from the NAT location and uses that packet's source address as the stream target, regardless of the address given in signaling.

    • Save your entries.

  2. To enable NAT, choose Global Switching Settings > NAT and check the Use NAT option.

Figure 1. Office and Server Networks Separated with Firewall
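
The following Python model is an added illustration of the Use Bypass and Maximum Number of Simultaneous NAT Streams settings described above; it is not product code. The class names, the office-side terminal address and the firewall's server-side mapping are constructed for the example, and keeping the first learned address for the rest of the stream is an assumption of the model.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

Addr = Tuple[str, int]  # (ip, udp_port)

@dataclass
class NatStream:
    signaled_target: Addr               # address taken from call signaling
    use_bypass: bool
    learned_target: Optional[Addr] = None

    def on_packet(self, source: Addr) -> None:
        # Bypass: the source of the first received packet becomes the target.
        # Assumption of this model: later packets do not re-target the stream.
        if self.use_bypass and self.learned_target is None:
            self.learned_target = source

    def send_target(self) -> Optional[Addr]:
        if not self.use_bypass:
            return self.signaled_target
        return self.learned_target      # None: still waiting for the first packet

@dataclass
class MrsAllocation:                    # hypothetical name for one MRS allocation row
    firewall_ip: str                    # address the office terminals stream to
    use_bypass: bool = True
    max_nat_streams: int = 100          # default stated on the page
    streams: List[NatStream] = field(default_factory=list)

    def open_stream(self, signaled_target: Addr) -> NatStream:
        if len(self.streams) >= self.max_nat_streams:
            raise RuntimeError("NAT stream limit reached for this MRS")
        stream = NatStream(signaled_target, self.use_bypass)
        self.streams.append(stream)
        return stream

def demo() -> dict:
    terminal = ("192.168.10.25", 40000)     # constructed office-side address
    forwarded_from = ("10.2.0.1", 52044)    # constructed firewall server-side mapping
    result = {}
    for bypass in (False, True):
        mrs = MrsAllocation(firewall_ip="10.1.2.1", use_bypass=bypass)
        stream = mrs.open_stream(terminal)
        before = stream.send_target()       # target before any media arrives
        stream.on_packet(forwarded_from)    # first RTP packet, relayed by the firewall
        result[bypass] = (before, stream.send_target())
    return result

if __name__ == "__main__":
    print(demo())
```

Without Bypass the model keeps sending to the signaled office address, which the server network cannot route to; with Bypass it sends nothing until the first packet arrives and then uses the firewall's forwarded address.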