
A SIParator is a SIP-enabled firewall that you can use in parallel with your existing firewall (connected directly to the internet) or in conjunction with it (e.g., a PIX firewall). With a typical firewall you are required to open RTP and RTCP ports for traffic because the firewall does not automatically recognize SIP. The SIParator, however, automatically recognizes RTP and RTCP traffic and opens those ports. There are multiple possibilities for configuration, which include being connected to the DMZ or being connected to the DMZ and the private network (LAN).

Filtering based on Content Type

Features within a SIParator allow you to create filter rules to block individuals from using your network. You can also specify what ports to use, and it would be easier to spoof SUBSCRIBE and NOTIFY without the SIParator in place. You can filter requests based on the contents of the From and To SIP headers. Requests that do not match any rule are handled according to the DEFAULT HEADER FILTER POLICY. You can use the wildcards * (match any number of characters) and ? (match a single character).

The SIParator will only let through SIP packets that have one of the content types (MIME types) shown next:
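The From/To header filter rules with the * and ? wildcards and a default policy, modelled in Python as an added example; this is not SIParator code or its configuration syntax. The rule tuples, first-match-wins ordering, case-sensitive matching and the sample addresses are assumptions made for illustration.

```python
import re

# Constructed rules: (From pattern, To pattern, action). The tuple layout and
# first-match-wins order are assumptions of this example.
RULES = [
    ("*@blocked.example", "*", "reject"),
    ("sip:20?@example.com", "*", "allow"),
]
DEFAULT_POLICY = "reject"  # stands in for the default header filter policy


def wildcard_to_regex(pattern):
    """Compile a pattern where * matches any run of characters and ? exactly one."""
    table = {"*": ".*", "?": "."}
    return re.compile("".join(table.get(ch, re.escape(ch)) for ch in pattern))


def header_uri(message, name, compact):
    """Return the URI of a From/To header (long or compact name), or "" if absent."""
    for line in message.split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # blank line: end of headers
        field, _, value = line.partition(":")
        if field.strip().lower() in (name, compact):
            bracketed = re.search(r"<([^>]*)>", value)
            return (bracketed.group(1) if bracketed else value.split(";")[0]).strip()
    return ""


def evaluate(message, rules=RULES, default=DEFAULT_POLICY):
    """Return (action, rule_index); rule_index is None when the default applied."""
    src = header_uri(message, "from", "f")
    dst = header_uri(message, "to", "t")
    for index, (from_pat, to_pat, action) in enumerate(rules):
        if (wildcard_to_regex(from_pat).fullmatch(src)
                and wildcard_to_regex(to_pat).fullmatch(dst)):
            return action, index
    return default, None


def sample_request(from_value, to_value, from_name="From"):
    """Build a constructed, minimal SIP request for the demonstration."""
    return (f"INVITE sip:300@example.com SIP/2.0\r\n"
            f"{from_name}: {from_value}\r\nTo: {to_value}\r\n\r\n")


if __name__ == "__main__":
    for sender in ("<sip:201@example.com>;tag=1", "<sip:eve@blocked.example>",
                   "<sip:2001@example.com>"):
        print(sender, evaluate(sample_request(sender, "<sip:300@example.com>")))
```

Because ? matches exactly one character, `sip:2001@example.com` does not match `sip:20?@example.com` and falls through to the default policy, so the default should be the restrictive choice when rules are written as an allow list.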

Access for a SIP phone Outside the Network (Remote Phone Support)

Access the Web interface for your particular SIP phone and navigate to the Phone Configuration. In the SIP Server settings of the Phone Configuration, set the redirect server, which requires the sipX IP address, and the proxy/outbound proxy server, which requires the SIParator address. When these settings have been made, you can access the network from your location. (DNS is set up on the network you are trying to access from the public internet to handle calls to the SIParator, because the proxy server address you set in your local/remote client is the SIParator address.) Examples of each are shown next:


In this example DNS SRV is used; if you are not using DNS SRV, you must supply the fully qualified domain name instead of


If you have a home router that is a Firewall + NAT, make sure you have opened up the proper ports. You need to open up ports 5060
