InGate SIParator
A SIParator is a SIP-enabled firewall that you can use in parallel (connected directly to the Internet) or in conjunction with your existing firewall (e.g., a PIX firewall). With a typical firewall you are required to open RTP and RTCP ports for traffic because the firewall does not automatically recognize SIP. The SIParator, however, automatically recognizes RTP and RTCP traffic and opens those ports. There are multiple possible configurations, which include being connected to the DMZ or being connected to both the DMZ and the private network (LAN).
Filtering based on Content Type
Features within a SIParator allow you to create filter rules to block individuals from using your network, and you can also specify which ports to use. Without the SIParator in place, it would be easier to spoof SUBSCRIBE and NOTIFY requests. You can filter requests based on the contents of the From and To SIP headers; requests that do not match any rule are handled according to the DEFAULT HEADER FILTER POLICY. You can use the wildcards * (match any number of characters) and ? (match a single character). The SIParator will only let through SIP packets that have one of the content types (MIME types) shown next:
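The From/To header filtering described above, sketched as an added example (not Ingate's code or configuration syntax) that you can use to reason about a rule set before deploying it. It assumes rules are checked in order with the first match winning, and that patterns are compared against the header's URI rather than its display name; the rule list and header values are constructed.

```python
import re

# Constructed rules: (From pattern, To pattern, action). Order matters here
# because this sketch assumes the first matching rule decides.
RULES = [
    ("sip:guest*@example.com", "*", "reject"),
    ("sip:*@example.com", "*", "allow"),
    ("sip:10??@partner.example.net", "sip:*@example.com", "allow"),
]
DEFAULT_HEADER_FILTER_POLICY = "reject"  # applied when no rule matches


def wildcard_to_regex(pattern):
    """Translate * (any number of characters) and ? (a single character)."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is literal
    # Case-insensitive matching is an assumption of this sketch.
    return re.compile("".join(parts), re.IGNORECASE)


def header_uri(value):
    """Return the URI of a From/To value, without display name or header params."""
    m = re.search(r"<([^>]*)>", value)
    if m:  # name-addr form: "Display" <sip:user@host>;tag=...
        return m.group(1).strip()
    return value.split(";", 1)[0].strip()  # addr-spec form: sip:user@host;tag=...


def decide(from_header, to_header):
    """Return the action of the first matching rule, else the default policy."""
    src, dst = header_uri(from_header), header_uri(to_header)
    for from_pat, to_pat, action in RULES:
        # fullmatch anchors the pattern, so a prefix or suffix hit is not enough.
        if (wildcard_to_regex(from_pat).fullmatch(src)
                and wildcard_to_regex(to_pat).fullmatch(dst)):
            return action
    return DEFAULT_HEADER_FILTER_POLICY


if __name__ == "__main__":
    print(decide('"Alice" <sip:alice@example.com>;tag=1928301774',
                 "<sip:bob@example.com>"))
```

Because the pattern is anchored and applied to the URI only, a display name that merely contains an allowed-looking address does not satisfy an allow rule.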
Access for a SIP phone Outside the Network (Remote Phone Support)
Access the Web interface for your particular SIP phone and navigate to the Phone Configuration. In the SIP Server settings of the Phone Configuration, set the redirect server, which requires the sipX IP address, and the proxy/outbound proxy server, which requires the SIParator address. When these settings have been made, you can then access the network from your location. (DNS is set up on the network you are trying to access from the public Internet to handle calls to the SIParator, because the proxy server address you set in your local/remote client is the SIParator address.) Examples of each are shown next:
SIP_DIRECTORY_SERVERS (Redirect Server) - example.com
In this example DNS SRV is used; if you are not using DNS SRV, you must supply the fully qualified domain name instead of example.com.
SIP_PROXY_SERVERS - 00.000.000.00
If you have a home router that is a Firewall + NAT, make sure you have opened up the proper ports. You need to open up ports 5060 - 5070 and ports 8766 - 8775. If your home router is solely a NAT, set the NAT to be a STUN server.
STUN server Setting
If you have a phone that runs a STUN client, the SIParator is also a STUN server.
In this case, no ports need to be opened up on your NAT router. Use the STUN Server if you have STUN-aware SIP clients. Two public IP addresses are needed at a minimum.
The IP addresses for the STUN service are 00.000.000.00 and 00.000.000.00.
The SIParator GUI environment has a parameter setting to turn the STUN server function on, shown next:
Remote NAT Traversal
If the SIP client is not STUN capable, you can use the built-in Remote NAT traversal feature of the SIParator. The SIP client needs to re-register or respond to OPTIONS packets rather often for this to work.
If you are using NAT, you also need to set the PHONESET_EXTERNAL_IP_ADDRESS to the public IP address of your NAT router.
SIP Trunk Support
You can also use your SIParator as an SBC to allow communication between your sipXecs system and an ITSP (SIP Trunk) on the Internet to connect to the PSTN.
See the SIP Trunking section for how to configure your sipXecs system to route calls via the SIParator to reach the ITSP on the outside network.
In the SIParator configuration, you need to configure connections between sipXecs and the ITSP to operate in B2BUA mode.
Configure "Matching Request-URI"
Remove the line "Outbound_plus" and all columns should be empty except for the following:
Name | Regular Expression |
---|---|
Inbound | sip:(.*)@<ip-address-of-itsp> |
Outbound | sip:+?(.*)@itsp.example.com |
Configure "Forward To"
All columns should be empty except for the following:
Name | Regular Expression |
---|---|
ITSP | sip:+$1@itsp.example.com;b2bua |
sipXecs | sip:$1@<your-sip-domain>;b2bua |
MetaSwitch Requirements
When connecting an Ingate SIParator to a Metaswitch, the Metaswitch interprets a change in the TO tag as a new call and sends a BYE and a new INVITE. This can be observed when a call to an extension is unanswered and forwards to voicemail, and the call either drops or gives a re-order.
To fix this behavior, under SIP Trunks, View Trunks, SIP Trunking Service, change "Show only one TO tag" from default of NO to YES.