FAQ

How do I use RADIUS Accounting with Ingate Firewall/SIParator?

This is how to configure your firewall/SIParator to use RADIUS Accounting for calls to or from local users.

If you are only interested in accounting for calls through the firewall/SIParator, you only have to turn the RADIUS Accounting on.

If you also want to bill for calls where both clients are on the same side, you will have to force the users to go via the firewall. For this, the firewall will have to act as a back-to-back user agent (B2BUA) for all calls.

This feature is only available when the SIP Trunking module or Advanced SIP Routing module has been installed.

First, define the RADIUS server to receive accounting ticks. This is done on the RADIUS page. If the RADIUS server should only be used for accounting, you can enter any port number in the table. The firewall will use port 1813 for accounting.

If you use the firewall as the SIP registrar, and the RADIUS server should be used for SIP authentication as well, you need to enter the port number on which the RADIUS server listens for authentication requests (usually ports 1812 or 1645).

Define a local SIP domain. This can be any domain name you like, as long as it isn't an existing domain somewhere else. A good choice is to use your company www domain, but replace the "www" with "sip", like sip.ingate.com. The same domain can also be used in pure SIP-to-SIP calls.

This domain should be entered on the User Database page under SIP Traffic.

Go to the Authentication and Accounting page and turn authentication on. Also enter your SIP domain as the Realm.

If the firewall should be used as registrar, you select to use the RADIUS user database for SIP users and also select which network the SIP users can register from.

On the Dial Plan page, you define how calls should be routed through the firewall. First, turn the Dial Plan on.

In the Matching From Header table, you define from which network the calls can come. You can also select what the From header (that tells who is calling) should look like. This is used when matching requests in the Dial Plan table below. For this example, you only need one criterion to match on; all calls should be treated the same, regardless of origin.

In the Matching Request-URI table, you define call destinations. This is used when matching requests in the Dial Plan table below.

In this case, you want to define a Reg Exp (regular expression) which matches all Request-URIs. Enter "(.+)@(.+)" in the Reg Exp field.

In the Forward To table, you define where calls should be forwarded. This is used in the Dial Plan table below.

In this case, the calls should be forwarded to their original destination, but the firewall should forward them as a B2BUA. Enter "$0;b2bua" in the Reg Exp field. This will reuse the incoming Request-URI, but make the firewall act as a B2BUA instead of a proxy.

At last, you combine these definitions in the Dial Plan table. Make a new row in the table and select the definitions from the tables above.

Now, when a SIP user calls another SIP user, the firewall will step in and always stay in the path for the call. Both SIP clients will signal to the firewall only, and the firewall will forward signaling and media between them.

Finally, go to the Save/Load Configuration page under Administration and apply the new settings by pressing Apply configuration.

« BACK
Ingate Firewalls
Ingate SIParators
Other products
 Box 10013, SE-121 26 Stockholm, Sweden  |  +46-(0)8-600 77 50  |  info@ingate.com  |  Contact us  |  webmaster@ingate.com  |  Home  
  How Ingate uses cookies