

SIP Settings

There are several pages that control Internet Gate's SIP capabilities. This is the main SIP Settings page. There are links to the other SIP configuration pages at the bottom of the page.

:!: The Internet Gate is pre-configured to be SIP-transparent, allowing SIP traffic to pass through the firewall without effort. You do not need to tweak or configure the settings if all you want is to get simple SIP traffic through the firewall. The settings below provide additional functionality beyond basic transparency.

:!: Turn off ICE, STUN, UPnP and other “tricks” that your SIP clients try to use to get through ordinary firewalls. As the Internet Gate is SIP-transparent, such “tricks” are harmful and unnecessary - and might even stop SIP traffic from getting through the firewall!

General SIP Server Settings

The Internet Gate can act as your own SIP server. Simply enter the name of your domain and tick the enable checkbox. Read more here.

:!: Enabling Internet Gate's built-in SIP server might require the purchase of a license.

If needed, you can specify a different realm for client authentication than the client's own domain name.

You can also specify which users are allowed to register to your Internet Gate's SIP server. Inside users are SIP clients on your LAN; Outside users are SIP clients on the Internet.

Security risks

:!: Allowing users on the Internet to register on your server is always a security risk!

Fortunately, Internet Gate has some powerful filtering available for its SIP server: you can limit who is allowed to connect and who is allowed to make outgoing calls.

SIP clients registering are divided into inside users (on your LAN) and outside users (on the Internet).

You can allow anyone on your LAN to register, with or without authentication (password). Select Inside users: All to allow anyone on your LAN to register without authentication, or, if you have a wireless access point, select Inside users: Authenticate.

Wireless

If you have a wireless access point, remember that wireless clients are also on the LAN! Anyone connecting to your wireless access point, even from outside your walls, is considered to be an “inside user”. Therefore it is a security risk to allow wireless users to register without authentication!

Outside users, on the other hand, should not be allowed to register (select “None”), unless you must allow remote users (e.g. distance workers) to register to your server. In that case select “Authenticate”. Never select “Outside users: All”, as that would allow anyone on the Internet to register to your server and make calls!

Allow outgoing calls only for users calling from inside (your LAN). Once again, never select “All”, as that would allow anyone on the Internet to make calls.
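
The registration rules above can be modelled in a few lines to see which clients end up registered without a password. This is an added example, not Internet Gate code: the LAN range, the client addresses and the function names are assumptions, and only the setting values (All, Authenticate, None) come from this page.

```python
import ipaddress

# Assumed LAN range; the page does not state one.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Setting values named on the page, mapped to what a registering client experiences.
ACTION = {"All": "accept", "Authenticate": "challenge", "None": "reject"}

def side_of(src_ip, lan=LAN):
    """Inside = client address is on the LAN, outside = anything else (assumed model)."""
    return "inside" if ipaddress.ip_address(src_ip) in lan else "outside"

def register_decision(src_ip, inside_users, outside_users, lan=LAN):
    """Return 'accept' (no password), 'challenge' (password required) or 'reject'."""
    if inside_users not in ("All", "Authenticate"):
        raise ValueError("Inside users must be All or Authenticate")
    if outside_users not in ACTION:
        raise ValueError("Outside users must be None, Authenticate or All")
    inside = side_of(src_ip, lan) == "inside"
    return ACTION[inside_users if inside else outside_users]

def audit(inside_users, outside_users, has_wireless_ap):
    """List the combinations this page warns against."""
    findings = []
    if outside_users == "All":
        findings.append("Outside users: All - anyone on the Internet can register")
    if inside_users == "All" and has_wireless_ap:
        findings.append("Inside users: All with a wireless access point - "
                        "wireless clients register without a password")
    return findings

# Constructed sample clients. The Wi-Fi laptop has a LAN address, so it is "inside".
CLIENTS = {
    "wired desk phone": "192.168.0.20",
    "laptop on Wi-Fi": "192.168.0.77",
    "remote worker": "203.0.113.45",
}

def simulate(inside_users, outside_users):
    """Decision for every sample client under one pair of settings."""
    return {name: register_decision(ip, inside_users, outside_users)
            for name, ip in CLIENTS.items()}

if __name__ == "__main__":
    for cfg in [("All", "All"), ("All", "None"), ("Authenticate", "Authenticate")]:
        print(cfg, simulate(*cfg), audit(*cfg, has_wireless_ap=True))
```

With Inside users: All, the Wi-Fi laptop is accepted exactly like the wired phone, which is why the page recommends Authenticate whenever a wireless access point is present.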

web_gui/sip_page.1289295377.txt.gz · Last modified: 2010/11/09 10:36 by tibor
CC Attribution-Noncommercial-Share Alike 3.0 Unported