Chapter 7 Tutorials
ZyWALL USG 50 User’s Guide
1 Click Configuration > Firewall > Add. Set the From field as WAN and the To field as DMZ. Set the Destination to the HTTP server’s DMZ IP address object (DMZ_HTTP). DMZ_HTTP is the destination because the ZyWALL applies NAT to traffic before applying the firewall rule. Set the Access field to allow and the Service to HTTP, and click OK.
Figure 104 Configuration > Firewall > Add
7.11 How to Use an IPPBX on the DMZ
This is an example of making an IPPBX x6004 using SIP in the DMZ zone accessible from the Internet (the WAN zone). In this example you have public IP address 1.1.1.2 that you will use on the wan1 interface and map to the IPPBX’s private IP address of 192.168.3.7. The local SIP clients are on the LAN.
Figure 105 IPPBX Example Network Topology
7.11.1 Turn On the ALG
Click Configuration > Network > ALG. Select Enable SIP ALG and Enable SIP Transformations and click Apply.
Figure 106 Configuration > Network > ALG
7.11.2 Create the Address Objects
Use Configuration > Object > Address > Add to create the address objects.
1 Create a host address object named IPPBX-DMZ for the IPPBX’s private DMZ IP address of 192.168.3.9.
Figure 107 Creating the Address Object for the IPPBX’s Private IP Address
2 Create a host address object named IPPBX-Public for the public WAN IP address 1.1.1.2.
Figure 108 Creating the Public IP Address Object
7.11.3 Set Up a NAT Policy for the IPPBX
Click Configuration > Network > NAT > Add.
• Configure a name for the rule (WAN-DMZ_IPPBX here).
• You want the IPPBX to receive calls from the WAN and also be able to send calls to the WAN, so you set the Classification to NAT 1:1.
• Set the Incoming Interface to wan1.
• Set the Original IP to the WAN address object (IPPBX-Public). If a domain name is registered for IP address 1.1.1.2, users can use it to connect to the IPPBX for making SIP calls.
• Set the Mapped IP to the IPPBX’s DMZ IP address object (IPPBX-DMZ).
• Set the Port Mapping Type to Port, the Protocol Type to UDP and the original and mapped ports to 5060.
• Keep Enable NAT Loopback selected to allow the LAN users to use the IPPBX (see NAT Loopback on page 327 for details).
• Click OK.
Figure 109 Configuration > Network > NAT > Add
7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP
The firewall blocks traffic from the WAN zone to the DMZ zone by default, so you need to create a firewall rule to allow the public to send SIP traffic to the IPPBX. If a domain name is registered for IP address 1.1.1.2, users can use it to connect to the IPPBX for making SIP calls.
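The following Python sketch is an added example, not part of the ZyWALL guide or ZyXEL code. It models the processing order stated earlier in this chapter (NAT is applied before the firewall rule) using the address objects and NAT rule from this tutorial. The zone mapping, rule tuples and sample packet are constructed, and the firewall rule's destination is an assumption modelled on the DMZ_HTTP rule.

```python
# Added illustration: a simplified model, not ZyWALL code or CLI.
from dataclasses import dataclass
from ipaddress import ip_address

# Address objects from 7.11.2 (values as given for each object there).
OBJECTS = {"IPPBX-Public": ip_address("1.1.1.2"),
           "IPPBX-DMZ": ip_address("192.168.3.9")}

@dataclass(frozen=True)
class Packet:
    in_iface: str
    dst: object
    proto: str
    dport: int

# NAT rule WAN-DMZ_IPPBX from 7.11.3: wan1, IPPBX-Public -> IPPBX-DMZ, UDP 5060.
NAT_RULES = [("wan1", "IPPBX-Public", "IPPBX-DMZ", "udp", 5060, 5060)]
ZONE_OF_IFACE = {"wan1": "WAN"}      # constructed zone mapping
DMZ_HOSTS = {OBJECTS["IPPBX-DMZ"]}   # hosts this model places in the DMZ zone

def apply_nat(pkt):
    """Step 1: rewrite the destination if an inbound NAT rule matches."""
    for iface, orig, mapped, proto, oport, mport in NAT_RULES:
        if (pkt.in_iface, pkt.dst, pkt.proto, pkt.dport) == (iface, OBJECTS[orig], proto, oport):
            return Packet(pkt.in_iface, OBJECTS[mapped], proto, mport)
    return pkt

def firewall_allows(pkt, rules):
    """Step 2: match firewall rules against the packet after NAT."""
    src_zone = ZONE_OF_IFACE[pkt.in_iface]
    dst_zone = "DMZ" if pkt.dst in DMZ_HOSTS else "ZyWALL"  # simplification
    for frm, to, dst_obj, proto, dport, action in rules:
        if (frm, to, OBJECTS[dst_obj], proto, dport) == (src_zone, dst_zone, pkt.dst, pkt.proto, pkt.dport):
            return action == "allow"
    return False  # WAN to DMZ is blocked by default, per 7.11.4

def delivered(pkt, rules):
    """Return the final destination IP as a string, or None if dropped."""
    natted = apply_nat(pkt)
    return str(natted.dst) if firewall_allows(natted, rules) else None

# Hypothetical rule sets: destination written as the mapped vs. the public object.
RULE_ON_DMZ_OBJECT = [("WAN", "DMZ", "IPPBX-DMZ", "udp", 5060, "allow")]
RULE_ON_PUBLIC_OBJECT = [("WAN", "DMZ", "IPPBX-Public", "udp", 5060, "allow")]
SIP_INVITE = Packet("wan1", ip_address("1.1.1.2"), "udp", 5060)  # constructed packet

if __name__ == "__main__":
    print(delivered(SIP_INVITE, RULE_ON_DMZ_OBJECT))     # mapped address: delivered
    print(delivered(SIP_INVITE, RULE_ON_PUBLIC_OBJECT))  # public address: dropped
```

In this model a rule written against IPPBX-Public never matches, because the destination has already been rewritten to IPPBX-DMZ by the time the firewall is consulted; TCP traffic to port 5060 is also dropped because the NAT rule covers UDP only.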