Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring MGCP Settings

 

To configure Media Gateway Control Protocol (MGCP), use the MGCP Settings option. MGCP is a text-based, Application Layer protocol that can be used for call setup and call control. The protocol is based on a master/slave call control architecture: the media gateway controller (call agent) maintains call control intelligence, and media gateways carry out the instructions from the call agent.

Setting MGCP Inactivity Timeouts

You can configure the following types of inactivity timeouts that determine the lifetime of a group:

  • Inactive Media Timeout in seconds—This parameter indicates the range a call can remain inactive without any MGCP traffic. Each time an MGCP message occurs within a call, this timeout resets. If the timeout value is reached, the security device removes all sessions for this call from its table, thus terminating the call. The default setting is 120 seconds and the range of values is 10 to 255 seconds.

  • Transaction Timeout in seconds—This parameter indicates the range of time a call can remain inactive between the gateway and the certificate authority (CA). If the timeout value is reached, the security device removes all sessions for this call from its table, thus terminating the call. The default setting is 30 seconds and the available values range from 5 to 50 seconds.

  • Maximum call duration in minutes—This parameter indicates the maximum length of time a call can remain inactive between the gateway and the certificate authority (CA). The call is cleared if the transaction times out. The default is 720 minutes.

As a firewall, it might be necessary to parse all messages strictly and drop the unidentified messages. However, the following options are available to pass messages that cannot be decoded by the device in either Route mode or NAT mode:

  • Pass unidentified MGCP message in route mode

  • Pass unidentified MGCP message in NAT mode

Configuring MGCP Firewall Features

The MGCP firewall features allow you to enable flood protection to and from the gateway.

  • Connection Flood Protection to/from Gateway—Control pinhole connections by setting a limit to the rate of CRCX command processing. CRCX commands that exceed the limit are dropped. The range is 1 to 65,535 and the default is 1,000.

  • Message Flood Protection to/from Gateway—Messages are dropped if they arrive at a rate (in seconds) higher than the configured rate. The range is 1 to 200 and the default is 200 seconds.

For more information about configuring MGCP on security devices, see the “Fundamentals” volume in the Concepts & Examples ScreenOS Reference Guide.