Before you start this task, ensure that a SIP Session Profile, configured for a
firewall, and a SIP Router Profile, configured for Application Level Gateway, exist in
the BIG-IP® system configuration.
You can create a virtual server to handle SIP communications and related media
flows, allowing them to pass through otherwise restrictive firewall rules.
On the Main tab, click
The Virtual Server List screen opens.
Click the Create button.
The New Virtual Server screen opens.
In the Name field, type a unique name for the virtual
From the Type list, select Message
In the Source Address field, type
0.0.0.0/0 for the source address and prefix
In the Destination Address/Mask field, type the IP
address in CIDR format.
The supported format is address/prefix, where the prefix length is in bits.
For example, an IPv4 address/prefix is 10.0.0.1
, and an IPv6 address/prefix is
. When you use an IPv4
address without specifying a prefix, the BIG-IP®
automatically uses a /32
Note: The IP
address for this field needs to be on the same subnet as the external
In the Service Port field, type
From the Configuration list, select
From the Application Protocol list, select
From the Session Profile list, select a SIP session
Note: For a SIP firewall configuration, you can use the
From the Router Profile list, select a SIP router
Note: For a SIP firewall configuration without mirroring, you can
use the siprouter-alg profile. For a SIP firewall
configuration with mirroring, you must use a router profile configured for
Complete the following steps to disable all translation functionality on the
From the Source Address Translation list, select
Clear the Address Translation check box.
Clear the Port Translation check box.
A message routing virtual server is configured to handle SIP firewall communication
as defined by the SIP Session Profile and Router Profile.
You can configure a DoS Profile in Advanced Firewall Manager™
(AFM™) to use this virtual server.