Allowed SIP Sources
This section is optional, but highly recommended in order to prevent Denial Of Service (DOS) attacks on the WAN SIP ports. One or more source host names or IP addresses may be entered here. When this feature is enabled, inbound SIP packets will only be accepted from the specified source hosts. Any SIP packets received from a source address not in this list will be dropped. If the host name or address of your VoIP provider’s SIP gateway is not known, consult with your VoIP provider.
Check Enable Allowed Sources to enable this feature. Once enabled, SIP packets will be accepted only if they are received from one of the specified sources.
Outbound Proxy Configuration
Check Enable Outbound Proxy if there is a SIP proxy outside of the ClariLink. If selected, all outbound SIP traffic will be forwarded to the designated address. This is only necessary if the SIP domain of your provider is different from the name or address of their proxy server. The SIP Domain is what is usually called the “Server” in the SIP configuration of your phone. In the SIP header it is the host string after the “@” in the SIP FROMURL (e.g. in the SIP URL “email@example.com”, “myprovider.com” is the domain). If myprovider.com uses a server named myprovider.com, then no outbound proxy entry is necessary. However, if they use a proxy server named “somehost.myprovider.com”, then enter that name here. Your VoIP service provider will usually provide the information to use here. If you have more than one service provider, you can add multiple entries. The Outbound Proxy Protocol is the preferred protocol that will be used to communicate with the Proxy Host. The SIP Domainspecifies the domain of the service provider. All outbound calls within that domain will be forwarded to the corresponding outbound Proxy Host.
Inbound Proxy Configuration
Check Enable Inbound Proxy if there is a local SIP proxy (such as a PBX) on the LAN side of the ClariLink. If selected, all inbound SIP traffic which is addressed to a SIP user that matches the specified inbound proxy User Name will be forwarded to the designated address. This option is only required if you have a local PBX and provider which do not use SIP registrations or which registers devices with different user names than the user name or phone number that will be received for inbound calls. An inbound proxy can be either a firewall or a PBX. If it is a NAT device, select the NAT checkbox for that entry. A firewall behind the ClariLink must have a PBX behind it. That firewall needs a port-forwarding rule to forward SIP traffic inbound to the PBX. Without a PBX behind it, the firewall does not have a single place it can forward inbound SIP, and it does not know how to route the SIP packets to the correct phones.
The Enable Inbound Proxy checkbox should be selected to activate the use of your configured inbound proxy entries, or can be unselected to disable them. The Inbound Proxy Protocol is the preferred protocol that will be used to communicate with the inbound proxy. The optional Inbound User Name will be matched with the inbound SIP requests to determine which inbound proxy to use. This can be left blank to be used as a catch-all, meaning that any inbound calls to a user that does not match any other inbound proxy entries will be sent to the catch-all inbound proxy. The User Name must be unique among all inbound proxy entries and must match the static user name assigned by your VoIP provider to your PBX. The Inbound Proxy Host is the IP or fully qualified domain name of the inbound proxy. The Inbound Proxy Port is the listening SIP Port on the inbound proxy. The Inbound Proxy LAN Alias is the alias of the LAN interface on which to reach this inbound proxy. The NAT checkbox should be selected if this inbound proxy is a NAT device such as a firewall. In that case inbound SIP and RTP (voice) traffic will be sent to the inbound Proxy Host address regardless of the addresses specified in the SIP headers.
The Inbound Load-Balanced Host Name is an optional fully qualified domain name that is added to registrations from your phones before sending them out to your provider. This host name must be resolvable by DNS to one or more of the WANs you have selected for SIP. If your phones register to your provider, then your provider will resolve this host name to route inbound calls to one of the ClariLink’s WANs.
The Send Outbound Calls only on Registered WANs is an option which will cause all calls that are coming from the LAN to be routed out the registered WAN of the user. Select this option if your VoIP provider requires that calls (SIP invites) must come from the registered location of the calling user. By default all calls are load-balanced across multiple WANs.
The Enable Full RTP Proxy Mode by default is disabled and, when enabled, the ClariLink will proxy both inbound and outbound RTP traffic.
The Enable Local Call Detection option by default is disabled, when enabled, the ClariLink will attempt to detect when a call is made locally. This means that when two phones on a LAN behind the same ClariLink try to call each other the call will be routed directly on the LAN without involving the provider on the WAN(s).
The Protocols To Use drop-down list specifies which IP protocol(s) to use for outbound SIP traffic. The default value of ANY should normally be used. This allows the ClariLink to decide which protocol (UDP or TCP) to use based on the contents of the SIP packets. If your VoIP provider does not support SIP over TCP then you can select the UDP value or vice-versa.
The Enable Failover on Key option, when selected, allows call failover when a key is pressed on the phone. If a caller is experiencing poor quality on a call, pressing the phone key (0 – 9, *, or #) specified in the Key for Failoverdrop-down list for an amount of time at least Key Press Hold Time seconds will cause the call to fail over to another available WAN.
This section is optional, and is only used if any SIP clients will register with the ClariLink as their server. If all SIP clients will register to a remote SIP server then this section may be ignored. Please note that SIP registrations are only allowed from clients on a ClariLink LAN and those clients must be configured to use the ClariLink as their outbound SIP proxy. Check Require Registrar Authentication if you want each SIP registration to be authenticated. Each registration request will be challenged to supply authentication information for the specified user name or to supply a global password. Although this feature is optional it is recommended to prevent unauthorized registrations. The Authentication Domain contains the domain, or realm, in which the user authentication information is valid. This domain will be passed to the client in the authentication challenge.