Q. How do I configure my SIP device to work with NATPass™?
A. You have to configure only one additional field in you Sip device with your Natpass' IP address or FQDN and disable other NAT settings. Most vendors call it Outbound Proxy. For sample screenshots for configuring various devices CLICK HERE : Sipura ; Snom ; Linksys ; Hitachi wi-fi ; Grandstream ; Polycom.
Q. How is NATPass™ licensed? What if I change my hardware?
A. Natpass is licensed according to number of registered devices. The number of channels or concurrent calls from those registered devices is not limited. Licenses are generated based on the IP address of the server running the application. If the IP address is changed the apllication would become unlicensed, to avoid that, a new license would have to be issued (processing fee might apply).
Q. If NATPass™ can bypass my firewall does it mean that my firewall is broken or not secure enough?
A. No. It uses some SIP specific features to traverse through NAT/Firewall and only your SIP PHONE can use it. It does not compromise your network.
Q. How can NATPass™ release the media stream when most far end NAT-traversal/SBC solutions can’t?
A. That is part of the unique algorithm from NATPass™. It basically discovers what kind of NAT it is dealing with for each call and makes use of SIP signaling options (183 session progress; re-invite) to redirect media stream to pinhole opened by current session in remote firewalls.
Q. What Operating Systems can be NATPass™ installed in?
A. NATPass™ is build for Linux only and can run in most linux distributions. The preferred distributions today are Red-hat and Suse.
Q. How do I install NATPass™ in a Linux distribution other than the preferred ones?
A. It is a matter of downloading the missing libraries for the distribution used, usually available on line. Use RedHat version when installing on a non-preferred Linux distribution. During installation it is indicated what libraries are missing. Many customers run NATPass™ on Fedora Core, CentOS and others.
Q. What other applications or dependencies are required to install NATPass™?
A. None, NATPass™ is optimized for best performance therefore all logic needed is built-in. In fact, it is best not having “by default” services like Apache, php, mysql, xinetd running in the server. In some cases DNS cache service is recommended but not required. If NATPass™ monitoring module is going to be installed in the same hardware, Apache would be required.
Q. Does it work with TCP?
A. No. It supports only UDP. But TCP support is on the roadmap.
Q. How many network interfaces are needed?
A. Only one network interface and IP address is needed. However you have the option of configuring a second interface/IP address that is used by the application to discover more efficiently what kind of NAT is the remote SIP device connecting from.
Q. Would NATPass™ support calls when both caller and callee are behind NAT? Would RTP be released?
A. Yes, NATPass™ does not require one of the endpoints on a public IP address. RTP or media stream will flow directly between endpoints in almost all cases except when one of the devices is behind a symmetric NAT (see question about symmetric NAT)
Q. Does it work with H-323?
A. No. It supports only SIP.
Q. What ATAs and Sip phones work well with NATPass™?
A. Any SIP compliant (rfc 3261) device should work fine. They must support Outbound Proxy. Refer to NATPass™ web site for a list of Interop tested manufacturers.
Q. Is NATPass™ a software only solution? Can I buy a NATPass™ appliance?
A. Yes and Yes, NATPass™ is a software solution however our partners can provide pre-loaded 2U or 4U servers.
Q. What kind of firewall is supported? Does it work with Symmetric NAT?
A. It should work with any type of firewall including Symmetric NAT. Symmetric NAT is performed only by advanced enterprise routers, in that case NATPass™ will recognize this scenario and will make the call succeed by signaling and doing RTP bridging. It is all transparent for the user and there is no need to reconfigure anything.
Q. What is Symmetric NAT? Is my firewall Symmetric?
A. You can find classification of NAT in RFC 3489 – STUN http://www.faqs.org/rfcs/rfc3489.html. It should not mater what type of firewall you have.
Q. Is there any case in which NATPass™ won’t work?
A. NATPass™ and any other VoIP SBC or nat traversal solution can’t traverse advanced firewalls where explicit rules for blocking VoIP ports/service have been configured. This is unlikely to happen for residential/SOHO users and most enterprises.
Q. Is NATPass™ better then STUN?
A. They are two different solutions. STUN is less universal. NATPass™ works in many more situations where STUN alone does not work. STUN will not work if you are working behind new symmetric NAT routers. You can use STUN alone if you are familiar with configuring SIP devices to work behind NAT, if your PHONE supports STUN or if your NAT is not Symmetric.
Q. Are Video phones supported?
A. Yes, Video calls work. And in many cases all media stream is released however there are some not mature video phone implementations that might require some modification in order to having NATPass™ releasing video media stream. Anyhow video calls work and media will be automatically bridged only when strictly needed.
Q. What ports does NATPass™ use?
A. The ports used are configurable. For SIP signaling it uses 5 ports: the base port configured the four consecutive ports. All devices should be configured to use base port. Regarding media ports or RTP ports a range is configured, the number of ports in the range must be at least twice the number of concurrent calls you plan to have.
Q. How can I force Full mode for some accounts only?
A. Configure the endpoint to use base port (as defined on configuration file) + 4. I.e. if NATPass™ base port is 5065, it will also open port 5069 for full mode connections.
Q. Can I have a redundant NATPass™ server? Can NATPass™ support redundant proxies?
A. Yes and Yes, there are two ways to achieve redundancy DNS SRV records and Virtual IP – High Availability. Both are supported by NATPass™ allowing redundant or active-standby type of proxy servers. When configuring high availability NATPass™ application can run on an active server and automatically switch over to a standby server when the main one fails.
Q. I have other questions, how can I get answers to them?
A. You can either fill out our contact form and specify your question there or contact one of our partners directly.
|
