Before you start this task, ensure that a SIP Session Profile, configured for a
firewall, and a SIP Router Profile, configured for Application Level Gateway, exist in
the BIG-IP® system configuration.
You can create a virtual server to handle SIP communications and related media
flows, allowing them to pass through otherwise restrictive firewall rules.
On the Main tab, click
The Virtual Server List screen opens.
Click the Create button.
The New Virtual Server screen opens.
In the Name field, type a unique name for the
From the Type list, select Message
In the Source Address field, type
0.0.0.0/0 for the source address and prefix
In the Destination Address/Mask field, type
the IP address in CIDR format.
The supported format is address/prefix, where the prefix length is
in bits. For example, an IPv4 address/prefix is
, and an IPv6 address/prefix is
. When you
use an IPv4 address without specifying a prefix, the BIG-IP®
system automatically uses a
Note: The IP address
for this field needs to be on the same subnet as the external
In the Service Port field, type
From the Configuration list, select
From the Application Protocol list, select
From the Session Profile list, select a SIP
Note: For a SIP firewall configuration, you can use the
From the Router Profile list, select a SIP
Note: For a SIP firewall configuration without mirroring,
you can use the siprouter-alg profile. For
a SIP firewall configuration with mirroring, you must use a router
profile configured for mirroring.
Complete the following steps to disable all translation functionality
on the virtual server.
From the Source Address Translation
list, select None.
Clear the Address Translation check
Clear the Port Translation check
A message routing virtual server is configured to handle SIP firewall communication
as defined by the SIP Session Profile and Router Profile.
You can configure a DoS Profile in Advanced Firewall Manager™
(AFM™) to use this virtual server.