The MGCP ALG includes the following security features:
Denial of Service (DoS) attack protection.—the ALG
performs stateful inspection at the UDP packet level, the transaction
level, and at the call level. MGCP packets matching the RFC3435 message
format, transaction state, and call state, are processed. All other
messages are dropped.
Security policy enforcement between gateway and gateway
controller (signaling policy).
Security policy enforcement between gateways (media policy).
Per-gateway MGCP message flooding control. Any malfunctioning
or hacked gateway will not disrupt the whole VoIP network. Combined
with per-gateway flooding control, damage is contained within the
Per-gateway MGCP connection flooding control.
Seamless switchover/failover if calls, including calls
in progress, are switched to the standby firewall in case of system