Voice-over-IP Contexts

These attack objects and groups are designed to detect known attack patterns and protocol anomalies within network traffic. You can configure attack objects and groups for voice-over-IP protocols as match conditions in IDP policy rules.

Service Contexts: H225

The table displays the security context details for H225:

Table 1: Service Contexts: H225

| Context and Direction | Example of Contexts |
| --- | --- |
| h225ras-admission (ANY) | Matches H225RAS admission messages (AdmissionConfirm, AdmissionReject, AdmissionRequest). |
| h225ras-bandwidth (ANY) | Matches H225RAS bandwidth messages (BandwidthConfirm, BandwidthReject, BandwidthRequest). |
| h225ras-command-state (ANY) | Matches the state of the H225RAS connection. |
| h225ras-disengage (ANY) | Matches H225RAS disengage messages (DisengageConfirm, DisengageReject, DisengageRequest). |
| h225ras-gatekeeper (ANY) | Matches H225RAS gatekeeper messages (GatekeeperConfirm, GatekeeperReject, GatekeeperRequest). |
| h225ras-info (ANY) | Matches H225RAS informational messages (InfoRequestAck, InfoRequestResponse, InfoRequest). |
| h225ras-location (ANY) | Matches H225RAS location messages (LocationConfirm, LocationReject, LocationRequest). |
| h225ras-message (ANY) | Matches the broad H225RAS message context. |
| h225ras-nonstandard (ANY) | Matches the H225RAS nonstandard message context. |
| h225ras-registration (ANY) | Matches the H225RAS registration message. |
| h225ras-resource (ANY) | Matches H225RAS resources available messages (Resources Available Confirm, Resources Available Indicate). |
| h225ras-rip (STC) | Matches the H225RAS request-in-progress message. |
| h225ras-servicecontrol (CTS) | Matches the H225RAS service control message. |
| h225ras-unknown-message (ANY) | Matches the H225RAS unknown message type. |
| h225ras-unregistration (ANY) | Matches the H225RAS unregistration message. |
| h225ras-unspecified-message (ANY) | Matches the H225RAS unspecified message. |
| h225ras-version (ANY) | Matches the H225RAS version message. |
| h225sgn-message (ANY) | Matches the H225SGN message body starting with the message-type byte. |
| h225sgn-preamble (ANY) | Matches the H225SGN signaling protocol discriminator and call reference value. |

Service Contexts: MGCP

The table displays the security context details for MGCP:

Table 2: Service Contexts: MGCP

| Context and Direction | | Display Name |
| --- | --- | --- |
| mgcp-call-id (ANY) | Matches the MGCP call ID parameter value. | |
| mgcp-command (ANY) | Matches the MGCP command line. | MGCP Command |
| mgcp-ep-name (ANY) | Matches the MGCP endpoint name specified in command line or command parameters. | MGCP Endpoint name |
| mgcp-parm (ANY) | Matches the MGCP command parameter value. | MGCP Command Parameter |
| mgcp-rsp (ANY) | Matches the entire MGCP response line with the return code. | MGCP Reply Line |
| mgcp-rsp-000-line (ANY) | Matches the MGCP 0yz response acknowledgment. | MGCP 000 Reply Line |
| mgcp-rsp-100-line (ANY) | Matches the MGCP 1yz provisional response. | MGCP 100 Reply Line |
| mgcp-rsp-200-line (ANY) | Matches the MGCP 2yz successful completion response. | MGCP 200 Reply Line |
| mgcp-rsp-400-line (ANY) | Matches the MGCP 4yz permanent error response. | MGCP 400 Reply Line |
| mgcp-rsp-500-line (ANY) | Matches the MGCP 5yz permanent error response. | MGCP 500 Reply Line |
| mgcp-rsp-800-line (ANY) | Matches the MGCP 8yz package-specific response codes. | MGCP 800 Reply Line |
| mgcp-rsp-bad-rcode (ANY) | Matches any MGCP invalid response code. | MGCP Invalid Response Code |
| mgcp-sdp-line (ANY) | Matches MGCP/SDP contents data line. | |
| mgcp-trans-id (ANY) | Matches the MGCP transaction ID parameter value. | MGCP Transaction ID |

Service Contexts: SIP

The table displays the security context details for SIP:

Table 3: Service Contexts: SIP

| Context and Direction | Example of Contexts |
| --- | --- |
| sip-bad-header (ANY) | Matches SIP headers with bad syntax. |
| sip-command-state (ANY) | Matches the state of the SIP connection. |
| sip-content-any (ANY) | Matches the SIP contents portion of packet data. |
| sip-content-sdp (ANY) | Matches SIP/SDP content data. |
| sip-display-name (ANY) | Matches the display name of the URL in related headers. |
| sip-header-any (ANY) | Matches SIP headers with no designated context. |
| sip-header-callid (ANY) | Matches the SIP <Call-ID> header. |
| sip-header-from (ANY) | Matches the SIP <From> header. |
| sip-header-maxforwards (CTS) | Matches the SIP <Max-Forwards> header. |
| sip-header-to (ANY) | Matches the SIP <To> header. |
| sip-header-value-len (ANY) | Artificially created context for putting thresholds on a header value. |
| sip-header-via (ANY) | Matches the SIP <Via> header. |
| sip-parameter (ANY) | Matches parsed parameters in the headers. |
| sip-parameter-bad (ANY) | Matches parsed invalid parameters in the headers. |
| sip-reply (STC) | Matches any SIP reply line with the return code. |
| sip-reply-100-line (STC) | Matches the SIP 1yz Positive Preliminary reply. |
| sip-reply-200-line (STC) | Matches the SIP 2yz Positive Completion reply. |
| sip-reply-300-line (STC) | Matches the SIP 3yz Positive Intermediate reply. |
| sip-reply-400-line (STC) | Matches the SIP 4yz Transient Negative Completion reply. |
| sip-reply-500-line (STC) | Matches the SIP 5yz Permanent Negative Completion reply. |
| sip-reply-600-line (STC) | Matches the SIP 6yz Failure Completion reply. |
| sip-reply-bad-rcode (STC) | Matches any SIP invalid response code. |
| sip-request (CTS) | Matches the SIP request command line. |
| sip-request-unknown (CTS) | Matches the SIP request with unknown command. |
| sip-sdp-line (ANY) | Matches the SIP/SDP contents data line. |
| sip-unknown-data (ANY) | Matches SIP unknown data. |
| sip-unknown-header (ANY) | Matches a SIP unknown header. |
| sip-uri-host (ANY) | Matches the host-name/IP-address of the URI in related headers. |
| sip-uri-parameter (ANY) | Matches the parameter of the URI in related headers. |