> It (ALG) gets in the way of sipx in trying to negotiate the sip > registration > or media. > > I am a little confused now - when I started gathering info on SIP PBX deployment an ALG / B2B-UA made sense for me as a means of only opening as few inbound / outbound ports as possible (which is a good thing, right?). My ALG would basically work as a SBC that acts like a virtual endpoint for incoming calls, effectively protecting sipX from getting swamped with illegitimate RTP streams (i.e. a DOS attack) because the ALG only opens the ports negotiated in the SDP. If I got you right - please correct me here - you suggest that the typical approach for deploying sipX is more or less exposing it with 1001 port forwardings (SIP 5060 + RTP 30000 - 31000) and no outbound port firewall rules (as any destination port number may be needed for SIP signaling or RTP streams). Would you really do that in a professional environment? This may sound like criticism but the truth is that I have absolutely no clue. :-) Please enlighten me!
> Leaving it on will result in broken media for remote users as well as any > itsp calls. It is a big fat no-no. > > How would a SIP carrier use sipX if it were incompatible to SBCs due to the fact that you cannot "dumb it down" ? Maybe I did not understand the scope / goal of sipX?
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
