Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


SCCP Support in ScreenOS Devices Overview


Skinny Client Control Protocol (SCCP) is supported on security devices in Route, Transparent, and Network Address Translation (NAT) modes. SCCP is a binary-based Application-Layer protocol used for voice over IP (VoIP) call setup and control. In the SCCP architecture, a Cisco H.323 proxy, known as the CallManager, does most of the processing. IP phones, also called end stations, run the Skinny client and connect to a primary (and, if available, a secondary) CallManager over TCP on port 2000 and register with the primary CallManager. This connection is then used to establish calls coming to or from the client.

The SCCP ALG supports the following features:

  • Call flow—Allows calls from a Skinny client, through the CallManager, to another Skinny client.

  • Seamless failover—Switches over all calls in process to the standby firewall during failure of the primary firewall.

  • VoIP signaling payload inspection—Fully inspects the payload of incoming VoIP signaling packets based on related RFCs and proprietary standards. Any malformed packet attack is blocked by the ALG.

  • SCCP signaling payload inspection—Fully inspects the payload of incoming SCCP signaling packets in accordance with RFC 3435. Any malformed-packet attack is blocked by the ALG.

  • Stateful processing—Invokes the corresponding VoIP-based state machines to process the parsed information. Any out-of-state or out-of-transaction packet is identified and properly handled.

  • Network Address Translation (NAT)—Translates any embedded IP address and port information in the payload, based on the existing routing information and network topology, with the translated IP address and port number, if necessary.

  • Pinhole creation and management for VoIP traffic—Identifies IP address and port information used for media or signaling and dynamically opens (and closes) pinholes to securely stream the media.