For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Juha_Metsansalo's avatar
Juha_Metsansalo
Icon for Nimbostratus rankNimbostratus
Feb 25, 2016

SIP traffic outbound irule

Hi,

I'm creating an irule to our Sib Lab enviroment (later to also in production). What I'd like to to is that the SIP traffiac will go through the SNAT and other traffic (like dns requests etc) will be forwarded as is and not going through the SNAT.

I've built the following oubound virtual.

ltm virtual /siplab/SIP_Server_outbound {
    description "Forward outgoing traffic from vlan 942"
    destination /siplab/0.0.0.0%10:0
    ip-forward
    mask any
    profiles {
        /siplab/siplab_fastL4 { }
    }
    rules {
        /siplab/siplab_SNAT_exclude
    }
    source 0.0.0.0/0
    translate-address disabled
    translate-port disabled
    vlans {
        /siplab/vlan942_siplab
    }
    vlans-enabled
}

Wondering which would be the best way to recognize the SIP traffic in iRule.

application delivery
iRules

1 Reply

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Mar 16, 2016

    Hello,

     

    Depending on your sip environment, you may write an irule to take decisions based on TCP or UDP ports and source/destination IP addresses. Then, you will be able to disable or enable SNAT within the irule.

     

    If you need more, you can go deep in the TCP or UDP content and check for SIP headers to identify SIP content.

     

    The following command will help you turn off snat : snat none (to be done within the irule)