|
Enable SIP ALG
|
Enables or disables the SIP ALG.
|
Click the check box.
|
|
C Timeout
|
Specifies the INVITE transaction timeout at the proxy, in minutes;
the default is 3. Because the SIP ALG is in the middle, instead of
using the INVITE transaction timer value B (which is (64 * T1) = 32
seconds), the SIP ALG gets its timer value from the proxy.
|
Select a value between 3 and 10 minutes.
|
|
Inactive Media Timeout
|
Specifies the maximum length of time (in seconds) a call can
remain active without any media (RTP or RTCP) traffic within a group.
Each time an RTP or RTCP packet occurs within a call, this timeout
resets. When the period of inactivity exceeds this setting, the temporary
openings (pinholes) in the firewall SIP ALG opened for media are closed.
The default setting is 120 seconds, the range is from 10 to 2550 seconds.
Note that upon timeout, while resources for media (sessions and pinholes)
are removed, the call is not terminated.
|
Select a value between 10 and 2,550 seconds.
|
|
Maximum Call Duration
|
Sets the absolute maximum length of a call. When a call exceeds
this parameter setting, the SIP ALG tears down the call and releases
the media sessions. The default setting is 720 minutes, the range
is from 3 to 7200 minutes.
|
Select a value between 3 and 7,200 minutes.
|
|
T1 Interval
|
Specifies the roundtrip time estimate, in seconds, of a transaction
between endpoints. The default is 500 milliseconds. Because many SIP
timers scale with the T1-Interval (as described in RFC 3261), when
you change the value of the T1-Interval timer, those SIP timers also
are adjusted.
|
Select a value between 500 and 5,00 milliseconds.
|
|
T4 Interval
|
Specifies the maximum time a message remains in the network.
The default is 5 seconds, the range is 5 to 10 seconds. Because many
SIP timers scale with the T4-Interval (as described in RFC 3261),
when you change the value of the T4-Interval timer, those SIP timers
also are adjusted.
|
Select a value between 5and 10 seconds.
|
|
Disable Call ID Hiding
|
Enables or disable translation of the host IP address in the
call-ID header. Translation is enabled by default.
|
Click the check box.
|
|
Retain Hold Resource
|
Enable or disables whether the Services Router frees media resources
for a Session Initiation Protocol (SIP) Application Layer Gateway
(ALG), even when a media stream is placed on hold. By default, media
stream resources are released when the media stream is held.
|
Click the check box.
|
|
Permit NAT Applied Unknown Message
|
Specifies how unidentified SIP messages are handled by the router.
The default is to drop unknown (unsupported) messages. Permitting
unknown messages can compromise security and is not recommended. However,
in a secure test or production environment, this statement can be
useful for resolving interoperability issues with disparate vendor
equipment. By permitting unknown SIP (unsupported) messages, you can
get your network operational and later analyze your VoIP traffic to
determine why some messages were being dropped.
This statement applies only to received packets identified as
supported VoIP packets. If a packet cannot be identified, it is always
dropped. If a packet is identified as a supported protocol, the message
is forwarded without processing.
|
Click the check box.
|
|
Permit Routed Unknown Message
|
Specifies that unknown messages be allowed to pass if the session
is in Route mode. (Sessions in Transparent mode are treated as Route
mode.)
|
Click the check box.
|
|
Timeout
|
Specifies the amount of time (in seconds) to make an attack
table entry for each INVITE, which is listed in the application screen.
|
Enter a value between 1 and 3,600 seconds.
|
|
Attack Protection
|
Protects servers against INVITE attacks. Configure the SIP application
screen to protect the server at some or all destination IP addresses
against INVITE attacks. You can include up to 16 destination IP addresses
of servers to be protected.
|
Select None, All or, if you select Destination
IP, enter or select an IP address.
|
