Follow

Juniper SRX100 / SRX200 / SRX220 (JunOS)

The Juniper SRX100 uses Juniper Networks JunOS to manage this small business gateway device. In running it through our lab test document, we found that the SIP ALG is does not function well with OnSIP and as such we suggest that you turn off the SIP ALG. To do so, log into the Root account and choose Configuration. From there, select Security then ALGs and finally VoIP ALG. Then on the right side of the pane, select the SIP tab. Ensure that "Enable SIP ALG" is NOT checked as shown in this screenshot:

 

Per one of our customers sharing (November 2016), in the SRX220 you'll also need to do the following:

The SRX series has the concept of security 'zones'. An example of zones would be untrust (internet) vs. trust (internal resources)... In this particular case, we had the 'internet' zone and the 'phone' zone for which traffic was not being passed.

The solution is to create a security rule to permit traffic from 'internet' (untrust) to 'phones' (trust). Once that policy was created then the system started working no problem. Below is a screenshot for your archives, it's basically wide-open, could be closed a bit more but this is policy, not firewall; best practices should still be applied.

Here is the SRX Configuration with policy set as per OnSIP's NAT Transversal kb article:

show security zones security-zone Internet

address-book {; address ONSIP-SERVERS-A 66.227.100.0/24; address ONSIP-SERVERS-B 199.7.172.0/22;}

show security policies from-zone Internet to-zone Phones
policy All_Internet_Phones {match {source-address [ ONSIP-SERVERS-B ONSIP-SERVERS-A ];
destination-address any; application any;} then {permit;}}

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk