How much do you know about network firewall traversal for multimedia communication?

Source: Internet
Author: User

Why review the topic of network firewall traversal today? Because firewall traversal keeps coming up in day-to-day project and operations work: mobile terminals of the Huawei office telephony system joining video conferences and placing calls, and external-network terminals of the Huawei high-definition video conferencing system joining conferences. None of these scenarios can be realized without one thing: traversal between the public network and the private network. This article briefly reviews the background, principles and solutions of network firewall traversal; the mind map is as follows.

[Image: mind map (S1.JPG), http://s1.51cto.com/wyfs02/M02/7F/DA/wKioL1cwI9qwMPdXAAB9_YFlcgQ404.jpg]

    • Firewall knowledge review: what is a firewall?

A firewall is a combination of software and hardware devices placed at the boundary between the intranet and the external network, that is, at the interface between the private network and the public network, where it forms a protective barrier. It establishes a security gateway between the Internet and the intranet so that the intranet is protected from unauthorized users. A firewall is made up of four parts: service access rules, authentication tools, packet filtering, and an application gateway.

[Image: 2.JPG, http://s4.51cto.com/wyfs02/M01/7F/D3/wKioL1cvEWLgzBUkAADRELX-7DE048.jpg]

    • What is network firewall traversal?

As the name implies, it means legitimately crossing a firewall (as opposed to an illegal intrusion). For the sake of network security, large enterprises deploy many firewalls, NAT devices (network address translation: intranet terminals reach the external network through translated addresses), security inspection devices and the like. Some applications are special, and these devices cannot satisfy their communication requirements, so the applications cannot be used. What is needed then is a device, sitting behind the firewall, that takes on these special functions and helps traffic from the external network pass smoothly through the firewall and communicate successfully with the devices on the internal network.

    • Why is firewall traversal needed?

The meaning of firewall traversal has basically been explained above; now let us look at why firewall traversal is needed from the perspective of multimedia communication.

Usually a NAT/firewall device translates only the addresses and port numbers in the IP and UDP/TCP headers (the network and transport layers), not the media connection information carried in the message body (the application layer). Multimedia signaling protocols such as SIP/H.323/H.248/MGCP (today's multimedia communication protocols are mainly SIP and H.323) carry the terminal's media address and port inside the message body, and that information is left untranslated, which is why a NAT/firewall does not support the effective transmission of these IP communication protocols.

For example, after a terminal behind the NAT registers, what the call control device records is the terminal's private-network address. When the private-network terminal calls a public-network terminal, it can obtain the public terminal's IP address from the gateway it registered with; but for the audio/video RTP bitstream, owing to the limitations of the protocol itself, each side's RTP receive port and send port are different. As the figure shows, the RTP stream sent by the private-network terminal (leaving with the NAT's public IP) can be received by the public-network terminal, whereas the RTP stream sent by the public-network terminal back to the private-network terminal (to its NAT-mapped public address) is not address-translated at the NAT device, because the outbound stream created a mapping only for the send port and there is no mapping for the receive port carried in the signaling. That stream therefore cannot pass through the NAT device, and a one-way media situation appears.

When a public-network terminal calls a private-network terminal, the address it calls is the private-network terminal's NAT-mapped public address, but because the NAT device does not understand the protocol and cannot translate the addresses inside it, the call cannot be established.

[Image: one-way media diagram (a.jpg), http://s3.51cto.com/wyfs02/M01/7F/D7/wKiom1cvUCSx5F01AADtHCkhDF4961.jpg]

    • How to traverse a firewall?

Static NAT: configure a static NAT entry on the firewall for each terminal in the private network, that is, a one-to-one mapping between the private address and a public address. This approach is only practical when the number of terminals is limited.

Protocol-aware NAT device: a firewall/NAT device that supports the application protocol (H.323/SIP) can read the protocol content directly and translate the addresses carried inside the protocol's IP bitstream as well, so a terminal on the intranet behaves as if it were on the public network, and terminals inside the enterprise can interoperate with terminals on the outside.

Proxy between the public and private networks: use a PC as the proxy device at the firewall's egress. With this approach a proxy is placed behind each firewall, and each proxy needs to be assigned a public IP address.
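The following is an added example, not code from the original post or from any vendor product, that puts the one-way media problem described above and the two protocol-level fixes (protocol-aware NAT and a proxy with its own public address) side by side in a small simulation. Everything in it is constructed: a private terminal 192.168.1.20 behind a NAT with public address 203.0.113.5, a proxy at 203.0.113.8 (RFC 5737 documentation addresses standing in for real public ones), the NAT mapping table, and the SIP INVITE itself. The `traverse` function models what leaves the NAT in each mode; `media_endpoint` reads where the far end will send RTP from the SDP body.

```python
"""Added example: how a NAT that translates only IP/UDP headers breaks SIP media,
and what a protocol-aware NAT (ALG) or a media-relaying proxy changes.

Everything here is constructed for illustration and is not from the original post
or from any vendor product.  203.0.113.x are RFC 5737 documentation addresses used
as stand-ins for real public addresses.
"""
import ipaddress
import re

# Constructed NAT mapping table: (private_ip, port) -> (public_ip, port).
NAT_TABLE = {
    ("192.168.1.20", 5060): ("203.0.113.5", 5060),    # SIP signaling
    ("192.168.1.20", 20000): ("203.0.113.5", 40000),  # RTP audio
}

# Constructed proxy (SBC-style) public media endpoint.
PROXY_IP, PROXY_RTP_PORT = "203.0.113.8", 30000

# RFC 1918 ranges: addresses in them cannot be routed from the public network.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SIP INVITE as the private terminal sends it.  The private address
# appears both in the headers (Via, Contact) and in the SDP body (o=, c=, m=).
PRIVATE_INVITE = (
    "INVITE sip:bob@203.0.113.9 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@192.168.1.20>;tag=1928301774\r\n"
    "To: <sip:bob@203.0.113.9>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 20000 RTP/AVP 0\r\n"
)


def is_private(ip: str) -> bool:
    """True if ip lies in an RFC 1918 range (unreachable from the public network)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def media_endpoint(sip_msg: str) -> tuple[str, int]:
    """Where the far end will send RTP: the c= address and m= port of the SDP body."""
    body = sip_msg.split("\r\n\r\n", 1)[1]
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M).group(1)
    port = int(re.search(r"^m=audio (\d+) ", body, re.M).group(1))
    return ip, port


def rewrite_sdp(sip_msg: str, new_ip: str, new_port: int) -> str:
    """Replace the media address (o= and c= lines) and port (m= line) in the SDP body."""
    head, body = sip_msg.split("\r\n\r\n", 1)
    old_ip, old_port = media_endpoint(sip_msg)
    body = body.replace(f"IN IP4 {old_ip}", f"IN IP4 {new_ip}")
    body = body.replace(f"m=audio {old_port} ", f"m=audio {new_port} ")
    return head + "\r\n\r\n" + body


def traverse(sip_msg: str, src_ip: str, src_port: int, mode: str = "header-only") -> str:
    """Model what leaves the firewall/NAT for the given mode.

    header-only : ordinary NAT; translates the IP/UDP header (modelled here as the
                  host:port in Via/Contact) and leaves the SDP body untouched.
    alg         : protocol-aware NAT; additionally rewrites the SDP to the mapped
                  public RTP address/port.
    proxy       : a proxy/SBC with its own public address substitutes itself as the
                  media endpoint and relays RTP to the private terminal (media only
                  is modelled here).
    """
    pub_ip, pub_port = NAT_TABLE[(src_ip, src_port)]
    msg = sip_msg.replace(f"{src_ip}:{src_port}", f"{pub_ip}:{pub_port}")
    if mode == "header-only":
        return msg
    if mode == "alg":
        m_ip, m_port = media_endpoint(msg)
        return rewrite_sdp(msg, *NAT_TABLE[(m_ip, m_port)])
    if mode == "proxy":
        return rewrite_sdp(msg, PROXY_IP, PROXY_RTP_PORT)
    raise ValueError(f"unknown mode {mode!r}")


def call_outcome(mode: str) -> str:
    """What the public-network terminal experiences after the INVITE crosses the NAT."""
    out = traverse(PRIVATE_INVITE, "192.168.1.20", 5060, mode)
    ip, port = media_endpoint(out)
    if is_private(ip):
        # The far end addresses its RTP to a private address: those packets never
        # arrive, while the private terminal's outbound RTP still gets out -> one-way.
        return f"one-way media (far end sends RTP to unroutable {ip}:{port})"
    return f"two-way media (far end sends RTP to {ip}:{port})"


if __name__ == "__main__":
    for m in ("header-only", "alg", "proxy"):
        print(f"{m:12s}: {call_outcome(m)}")
```

Running the block prints one line per mode; only the header-only NAT yields one-way media, because the SDP still advertises 192.168.1.20:20000 after the headers have been translated. Static NAT is not modelled separately: it only helps if the terminal itself is configured to advertise the mapped public address in its signaling.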

    • Industry solutions and products

What I know of at present: the time SBC series (SX1000, SX300); Huawei SE2000 and SwitchCentre (SC).

For video conferencing we use the Huawei SC; the networking is as follows:

[Image: SC networking diagram (SC.JPG), http://s5.51cto.com/wyfs02/M00/7F/DA/wKioL1cwKbfhZWbFAAFtCTMWJ7s119.jpg]

Networking description:

1. The SC is placed in the DMZ of the firewall, and a NAT mapping to the public network is configured for it.

2. Terminals register to the SC via the SC's private address or its public address.

3. A local private network must be defined on the SC for setting the call addresses.

4. Terminals register with the SC using either H.323 or SIP, and the SC is responsible for the entire call: signaling processing and media forwarding.

    • Thoughts and summary

Through this review we have gained a basic understanding of the multimedia communication scenario of external-network access to video conferencing. Multimedia communication is nothing more than two things: a signaling flow, which completes terminal registration and the establishment and maintenance of the connection, and the transmission of a media stream (or bitstream). A problem in signaling transmission causes registration failures and calls that cannot be set up; a problem in the media stream causes no audio or no video. In day-to-day troubleshooting, first understand the communication protocol, then verify the actual process by capturing and analyzing packets. A further discussion of the multimedia communication protocols, the H.323 and SIP communication mechanisms, will follow!
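As an added example of the triage order the paragraph recommends (signaling first, then media), and not code from the original post, the function below walks a packet capture summary and reports whether the failure is a registration problem, a call setup problem, or a one-way media problem. The packet records are constructed, not a real capture: each is a tuple of (source, destination, protocol, info), the info field is a one-line summary of the kind a packet analyzer prints, and the addresses are RFC 5737 documentation addresses standing in for real ones.

```python
"""Added example: classify a (constructed) packet capture summary into a signaling
problem or a media problem, in the order a troubleshooter would check them.

Not from the original post.  Records are (src, dst, proto, info); proto is "SIP"
or "RTP"; SIP responses carry the request method in parentheses, as a packet
analyzer's summary column would show it.
"""

# Constructed addresses (RFC 5737 documentation ranges, not a real deployment).
TERMINAL, SERVER, PEER = "192.168.1.20", "203.0.113.9", "203.0.113.7"

# Scenario 1: registration rejected after the authentication challenge.
CAPTURE_REG_FAIL = [
    (TERMINAL, SERVER, "SIP", "REGISTER sip:203.0.113.9"),
    (SERVER, TERMINAL, "SIP", "401 Unauthorized (REGISTER)"),
    (TERMINAL, SERVER, "SIP", "REGISTER sip:203.0.113.9"),
    (SERVER, TERMINAL, "SIP", "403 Forbidden (REGISTER)"),
]

# Scenario 2: call set up, terminal sends RTP, nothing comes back (NAT problem).
CAPTURE_ONE_WAY = [
    (TERMINAL, SERVER, "SIP", "REGISTER sip:203.0.113.9"),
    (SERVER, TERMINAL, "SIP", "200 OK (REGISTER)"),
    (TERMINAL, SERVER, "SIP", "INVITE sip:bob@203.0.113.9"),
    (SERVER, TERMINAL, "SIP", "200 OK (INVITE)"),
    (TERMINAL, PEER, "RTP", "PT=0 seq=1"),
    (TERMINAL, PEER, "RTP", "PT=0 seq=2"),
]

# Scenario 3: the same call with RTP flowing in both directions.
CAPTURE_OK = CAPTURE_ONE_WAY + [(PEER, TERMINAL, "RTP", "PT=0 seq=1")]


def diagnose(packets, terminal):
    """Return a single finding for the given terminal, checking signaling before media."""
    sip_out = [p[3] for p in packets if p[2] == "SIP" and p[0] == terminal]
    sip_in = [p[3] for p in packets if p[2] == "SIP" and p[1] == terminal]
    rtp_out = sum(1 for p in packets if p[2] == "RTP" and p[0] == terminal)
    rtp_in = sum(1 for p in packets if p[2] == "RTP" and p[1] == terminal)

    # Signaling, step 1: registration.
    if not any(i.startswith("REGISTER") for i in sip_out):
        return "no registration attempt seen"
    if not any(i.startswith("200 OK") and "(REGISTER)" in i for i in sip_in):
        responses = [i for i in sip_in if "(REGISTER)" in i]
        last = responses[-1] if responses else "none"
        return f"registration failed: last response {last}"

    # Signaling, step 2: call setup.
    if not any(i.startswith("INVITE") for i in sip_out):
        return "registered, no call attempted"
    if not any(i.startswith("200 OK") and "(INVITE)" in i for i in sip_in):
        return "call setup failed: INVITE not answered with 200 OK"

    # Media: both directions must carry RTP.
    if rtp_out and not rtp_in:
        return "one-way media: terminal sends RTP but receives none (check NAT/firewall)"
    if rtp_in and not rtp_out:
        return "one-way media: terminal receives RTP but sends none"
    if not rtp_out and not rtp_in:
        return "call established but no RTP in either direction"
    return "two-way media: call OK"


if __name__ == "__main__":
    for name, cap in (("reg-fail", CAPTURE_REG_FAIL),
                      ("one-way", CAPTURE_ONE_WAY),
                      ("ok", CAPTURE_OK)):
        print(f"{name:8s}: {diagnose(cap, TERMINAL)}")
```

The ordering matters: a missing inbound RTP stream only means something once registration and the INVITE have succeeded, otherwise the absence of media is just a consequence of the signaling failure.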

This article is from the "Reminder Flower Rain" blog; please be sure to retain this source: http://chenwen.blog.51cto.com/771416/1771452
