Hi all,
To your knowledge, is it possible to place a SIP phone behind a firewall and make it communicate with a SIP server (gateway, PBX) somewhere on the Internet, while encrypting the SIP traffic with TLS (let's say the SIP control channel is over TCP), given that the FW also works as a NAT gateway?
As I understand from the VoIP Administration Guide, it's not possible. Unlike FortiGate, Checkpoint FW doesn't support TLS inspection (full man-in-the-middle) for SIP. But I may be wrong.
And without inspection, the FW won't be able to interpret SIP signaling and open ports for outgoing or, especially, incoming RTP connections from the PBX to the phone.
Is my understanding correct? Has anyone tried such a configuration?
Thanks,
Vladimir.
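
An added illustration of the dependency described in the question (not part of the original post, and not Check Point's or Fortinet's code): a minimal sketch of what a SIP-aware firewall reads from cleartext signaling to open RTP pinholes, and why the same logic yields nothing from a TLS record. The function name `rtp_pinholes`, the addresses, and both sample payloads are constructed for this example.

```python
import re

# Constructed SDP body as a phone behind NAT would offer it (RFC 1918 address).
SDP = (b"v=0\r\n"
       b"o=- 0 0 IN IP4 192.168.1.50\r\n"
       b"s=call\r\n"
       b"c=IN IP4 192.168.1.50\r\n"
       b"t=0 0\r\n"
       b"m=audio 16384 RTP/AVP 0 8\r\n")

# Constructed cleartext INVITE carrying that SDP.
CLEARTEXT_INVITE = (b"INVITE sip:100@pbx.example.com SIP/2.0\r\n"
                    b"Via: SIP/2.0/TCP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
                    b"Call-ID: a84b4c76e66710\r\n"
                    b"CSeq: 1 INVITE\r\n"
                    b"Content-Type: application/sdp\r\n"
                    b"Content-Length: %d\r\n\r\n" % len(SDP)) + SDP

# Constructed TLS application-data record: header 17 03 03 + length, then opaque bytes.
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(32)


def rtp_pinholes(payload: bytes, public_ip: str):
    """Return the pinholes a SIP-aware firewall could derive, or None if unreadable."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep or not re.match(rb"(?:[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3})", head):
        return None  # encrypted or non-SIP: nothing to parse, nothing to open
    session, holes = None, []
    for line in body.decode("ascii", "replace").splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if holes:   # media-level c= overrides the session-level address
                holes[-1]["private"] = (ip, holes[-1]["private"][1])
            else:
                session = ip
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            port = int(port.split("/")[0])
            # Simplified: a real NAT device would also map the port, not only the IP.
            holes.append({"media": media, "private": (session, port),
                          "rtcp_port": port + 1, "rewrite_to": public_ip})
    return holes


if __name__ == "__main__":
    print("cleartext:", rtp_pinholes(CLEARTEXT_INVITE, "203.0.113.10"))
    print("over TLS: ", rtp_pinholes(TLS_RECORD, "203.0.113.10"))
```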