Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.2.1
Copy Link

Configure VoIP profiles.

  config voip profile
      Description: Configure VoIP profiles.
      edit <name>
          set comment {var-string}
          config sip
              Description: SIP.
              set status [disable|enable]
              set rtp [disable|enable]
              set nat-port-range {user}
              set open-register-pinhole [disable|enable]
              set open-contact-pinhole [disable|enable]
              set strict-register [disable|enable]
              set register-rate {integer}
              set invite-rate {integer}
              set max-dialogs {integer}
              set max-line-length {integer}
              set block-long-lines [disable|enable]
              set block-unknown [disable|enable]
              set call-keepalive {integer}
              set block-ack [disable|enable]
              set block-bye [disable|enable]
              set block-cancel [disable|enable]
              set block-info [disable|enable]
              set block-invite [disable|enable]
              set block-message [disable|enable]
              set block-notify [disable|enable]
              set block-options [disable|enable]
              set block-prack [disable|enable]
              set block-publish [disable|enable]
              set block-refer [disable|enable]
              set block-register [disable|enable]
              set block-subscribe [disable|enable]
              set block-update [disable|enable]
              set register-contact-trace [disable|enable]
              set open-via-pinhole [disable|enable]
              set open-record-route-pinhole [disable|enable]
              set rfc2543-branch [disable|enable]
              set log-violations [disable|enable]
              set log-call-summary [disable|enable]
              set nat-trace [disable|enable]
              set subscribe-rate {integer}
              set message-rate {integer}
              set notify-rate {integer}
              set refer-rate {integer}
              set update-rate {integer}
              set options-rate {integer}
              set ack-rate {integer}
              set prack-rate {integer}
              set info-rate {integer}
              set publish-rate {integer}
              set bye-rate {integer}
              set cancel-rate {integer}
              set preserve-override [disable|enable]
              set no-sdp-fixup [disable|enable]
              set contact-fixup [disable|enable]
              set max-idle-dialogs {integer}
              set block-geo-red-options [disable|enable]
              set hosted-nat-traversal [disable|enable]
              set hnt-restrict-source-ip [disable|enable]
              set max-body-length {integer}
              set unknown-header [discard|pass|...]
              set malformed-request-line [discard|pass|...]
              set malformed-header-via [discard|pass|...]
              set malformed-header-from [discard|pass|...]
              set malformed-header-to [discard|pass|...]
              set malformed-header-call-id [discard|pass|...]
              set malformed-header-cseq [discard|pass|...]
              set malformed-header-rack [discard|pass|...]
              set malformed-header-rseq [discard|pass|...]
              set malformed-header-contact [discard|pass|...]
              set malformed-header-record-route [discard|pass|...]
              set malformed-header-route [discard|pass|...]
              set malformed-header-expires [discard|pass|...]
              set malformed-header-content-type [discard|pass|...]
              set malformed-header-content-length [discard|pass|...]
              set malformed-header-max-forwards [discard|pass|...]
              set malformed-header-allow [discard|pass|...]
              set malformed-header-p-asserted-identity [discard|pass|...]
              set malformed-header-sdp-v [discard|pass|...]
              set malformed-header-sdp-o [discard|pass|...]
              set malformed-header-sdp-s [discard|pass|...]
              set malformed-header-sdp-i [discard|pass|...]
              set malformed-header-sdp-c [discard|pass|...]
              set malformed-header-sdp-b [discard|pass|...]
              set malformed-header-sdp-z [discard|pass|...]
              set malformed-header-sdp-k [discard|pass|...]
              set malformed-header-sdp-a [discard|pass|...]
              set malformed-header-sdp-t [discard|pass|...]
              set malformed-header-sdp-r [discard|pass|...]
              set malformed-header-sdp-m [discard|pass|...]
              set provisional-invite-expiry-time {integer}
              set ips-rtp [disable|enable]
              set ssl-mode [off|full]
              set ssl-send-empty-frags [enable|disable]
              set ssl-client-renegotiation [allow|deny|...]
              set ssl-algorithm [high|medium|...]
              set ssl-pfs [require|deny|...]
              set ssl-min-version [ssl-3.0|tls-1.0|...]
              set ssl-max-version [ssl-3.0|tls-1.0|...]
              set ssl-client-certificate {string}
              set ssl-server-certificate {string}
              set ssl-auth-client {string}
              set ssl-auth-server {string}
          end
          config sccp
              Description: SCCP.
              set status [disable|enable]
              set block-mcast [disable|enable]
              set verify-header [disable|enable]
              set log-call-summary [disable|enable]
              set log-violations [disable|enable]
              set max-calls {integer}
          end
      next
  end

config voip profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255

config sip

Parameter Name Description Type Size
status Enable/disable SIP.
disable: Disable status.
enable: Enable status.
option -
rtp Enable/disable create pinholes for RTP traffic to traverse firewall.
disable: Disable status.
enable: Enable status.
option -
nat-port-range RTP NAT port range. user Not Specified
open-register-pinhole Enable/disable open pinhole for REGISTER Contact port.
disable: Disable status.
enable: Enable status.
option -
open-contact-pinhole Enable/disable open pinhole for non-REGISTER Contact port.
disable: Disable status.
enable: Enable status.
option -
strict-register Enable/disable only allow the registrar to connect.
disable: Disable status.
enable: Enable status.
option -
register-rate REGISTER request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
invite-rate INVITE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
max-dialogs Maximum number of concurrent calls/dialogs (per policy). integer Minimum value: 0 Maximum value: 4294967295
max-line-length Maximum SIP header line length (78-4096). integer Minimum value: 78 Maximum value: 4096
block-long-lines Enable/disable block requests with headers exceeding max-line-length.
disable: Disable status.
enable: Enable status.
option -
block-unknown Block unrecognized SIP requests (enabled by default).
disable: Disable status.
enable: Enable status.
option -
call-keepalive Continue tracking calls with no RTP for this many minutes. integer Minimum value: 0 Maximum value: 10080
block-ack Enable/disable block ACK requests.
disable: Disable status.
enable: Enable status.
option -
block-bye Enable/disable block BYE requests.
disable: Disable status.
enable: Enable status.
option -
block-cancel Enable/disable block CANCEL requests.
disable: Disable status.
enable: Enable status.
option -
block-info Enable/disable block INFO requests.
disable: Disable status.
enable: Enable status.
option -
block-invite Enable/disable block INVITE requests.
disable: Disable status.
enable: Enable status.
option -
block-message Enable/disable block MESSAGE requests.
disable: Disable status.
enable: Enable status.
option -
block-notify Enable/disable block NOTIFY requests.
disable: Disable status.
enable: Enable status.
option -
block-options Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
disable: Disable status.
enable: Enable status.
option -
block-prack Enable/disable block prack requests.
disable: Disable status.
enable: Enable status.
option -
block-publish Enable/disable block PUBLISH requests.
disable: Disable status.
enable: Enable status.
option -
block-refer Enable/disable block REFER requests.
disable: Disable status.
enable: Enable status.
option -
block-register Enable/disable block REGISTER requests.
disable: Disable status.
enable: Enable status.
option -
block-subscribe Enable/disable block SUBSCRIBE requests.
disable: Disable status.
enable: Enable status.
option -
block-update Enable/disable block UPDATE requests.
disable: Disable status.
enable: Enable status.
option -
register-contact-trace Enable/disable trace original IP/port within the contact header of REGISTER requests.
disable: Disable status.
enable: Enable status.
option -
open-via-pinhole Enable/disable open pinhole for Via port.
disable: Disable status.
enable: Enable status.
option -
open-record-route-pinhole Enable/disable open pinhole for Record-Route port.
disable: Disable status.
enable: Enable status.
option -
rfc2543-branch Enable/disable support via branch compliant with RFC 2543.
disable: Disable status.
enable: Enable status.
option -
log-violations Enable/disable logging of SIP violations.
disable: Disable status.
enable: Enable status.
option -
log-call-summary Enable/disable logging of SIP call summary.
disable: Disable status.
enable: Enable status.
option -
nat-trace Enable/disable preservation of original IP in SDP i line.
disable: Disable status.
enable: Enable status.
option -
subscribe-rate SUBSCRIBE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
message-rate MESSAGE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
notify-rate NOTIFY request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
refer-rate REFER request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
update-rate UPDATE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
options-rate OPTIONS request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
ack-rate ACK request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
prack-rate PRACK request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
info-rate INFO request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
publish-rate PUBLISH request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
bye-rate BYE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
cancel-rate CANCEL request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
preserve-override Override i line to preserve original IPS (default: append).
disable: Disable status.
enable: Enable status.
option -
no-sdp-fixup Enable/disable no SDP fix-up.
disable: Disable status.
enable: Enable status.
option -
contact-fixup Fixup contact anyway even if contact's IP:port doesn't match session's IP:port.
disable: Disable status.
enable: Enable status.
option -
max-idle-dialogs Maximum number established but idle dialogs to retain (per policy). integer Minimum value: 0 Maximum value: 4294967295
block-geo-red-options Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
disable: Disable status.
enable: Enable status.
option -
hosted-nat-traversal Hosted NAT Traversal (HNT).
disable: Disable status.
enable: Enable status.
option -
hnt-restrict-source-ip Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
disable: Disable status.
enable: Enable status.
option -
max-body-length Maximum SIP message body length (0 meaning no limit). integer Minimum value: 0 Maximum value: 4294967295
unknown-header Action for unknown SIP header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-request-line Action for malformed request line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-via Action for malformed VIA header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-from Action for malformed From header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-to Action for malformed To header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-call-id Action for malformed Call-ID header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-cseq Action for malformed CSeq header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-rack Action for malformed RAck header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-rseq Action for malformed RSeq header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-contact Action for malformed Contact header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-record-route Action for malformed Record-Route header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-route Action for malformed Route header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-expires Action for malformed Expires header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-content-type Action for malformed Content-Type header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-content-length Action for malformed Content-Length header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-max-forwards Action for malformed Max-Forwards header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-allow Action for malformed Allow header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-p-asserted-identity Action for malformed P-Asserted-Identity header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-v Action for malformed SDP v line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-o Action for malformed SDP o line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-s Action for malformed SDP s line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-i Action for malformed SDP i line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-c Action for malformed SDP c line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-b Action for malformed SDP b line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-z Action for malformed SDP z line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-k Action for malformed SDP k line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-a Action for malformed SDP a line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-t Action for malformed SDP t line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-r Action for malformed SDP r line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-m Action for malformed SDP m line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
provisional-invite-expiry-time Expiry time for provisional INVITE (10 - 3600 sec). integer Minimum value: 10 Maximum value: 3600
ips-rtp Enable/disable allow IPS on RTP.
disable: Disable status.
enable: Enable status.
option -
ssl-mode SSL/TLS mode for encryption & decryption of traffic.
off: No SSL.
full: Client to FortiGate and FortiGate to Server SSL.
option -
ssl-send-empty-frags Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
enable: Send empty fragments.
disable: Do not send empty fragments.
option -
ssl-client-renegotiation Allow/block client renegotiation by server.
allow: Allow a SSL client to renegotiate.
deny: Abort any SSL connection that attempts to renegotiate.
secure: Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication.
option -
ssl-algorithm Relative strength of encryption algorithms accepted in negotiation.
high: High encryption. Allow only AES and ChaCha.
medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
option -
ssl-pfs SSL Perfect Forward Secrecy.
require: PFS mandatory.
deny: PFS rejected.
allow: PFS allowed.
option -
ssl-min-version Lowest SSL/TLS version to negotiate.
ssl-3.0: SSL 3.0.
tls-1.0: TLS 1.0.
tls-1.1: TLS 1.1.
tls-1.2: TLS 1.2.
tls-1.3: TLS 1.3.
option -
ssl-max-version Highest SSL/TLS version to negotiate.
ssl-3.0: SSL 3.0.
tls-1.0: TLS 1.0.
tls-1.1: TLS 1.1.
tls-1.2: TLS 1.2.
tls-1.3: TLS 1.3.
option -
ssl-client-certificate Name of Certificate to offer to server if requested. string Maximum length: 35
ssl-server-certificate Name of Certificate return to the client in every SSL connection. string Maximum length: 35
ssl-auth-client Require a client certificate and authenticate it with the peer/peergrp. string Maximum length: 35
ssl-auth-server Authenticate the server's certificate with the peer/peergrp. string Maximum length: 35

config sccp

Parameter Name Description Type Size
status Enable/disable SCCP.
disable: Disable status.
enable: Enable status.
option -
block-mcast Enable/disable block multicast RTP connections.
disable: Disable status.
enable: Enable status.
option -
verify-header Enable/disable verify SCCP header content.
disable: Disable status.
enable: Enable status.
option -
log-call-summary Enable/disable log summary of SCCP calls.
disable: Disable status.
enable: Enable status.
option -
log-violations Enable/disable logging of SCCP violations.
disable: Disable status.
enable: Enable status.
option -
max-calls Maximum calls per minute per SCCP client (max 65535). integer Minimum value: 0 Maximum value: 65535

Configure VoIP profiles.

  config voip profile
      Description: Configure VoIP profiles.
      edit <name>
          set comment {var-string}
          config sip
              Description: SIP.
              set status [disable|enable]
              set rtp [disable|enable]
              set nat-port-range {user}
              set open-register-pinhole [disable|enable]
              set open-contact-pinhole [disable|enable]
              set strict-register [disable|enable]
              set register-rate {integer}
              set invite-rate {integer}
              set max-dialogs {integer}
              set max-line-length {integer}
              set block-long-lines [disable|enable]
              set block-unknown [disable|enable]
              set call-keepalive {integer}
              set block-ack [disable|enable]
              set block-bye [disable|enable]
              set block-cancel [disable|enable]
              set block-info [disable|enable]
              set block-invite [disable|enable]
              set block-message [disable|enable]
              set block-notify [disable|enable]
              set block-options [disable|enable]
              set block-prack [disable|enable]
              set block-publish [disable|enable]
              set block-refer [disable|enable]
              set block-register [disable|enable]
              set block-subscribe [disable|enable]
              set block-update [disable|enable]
              set register-contact-trace [disable|enable]
              set open-via-pinhole [disable|enable]
              set open-record-route-pinhole [disable|enable]
              set rfc2543-branch [disable|enable]
              set log-violations [disable|enable]
              set log-call-summary [disable|enable]
              set nat-trace [disable|enable]
              set subscribe-rate {integer}
              set message-rate {integer}
              set notify-rate {integer}
              set refer-rate {integer}
              set update-rate {integer}
              set options-rate {integer}
              set ack-rate {integer}
              set prack-rate {integer}
              set info-rate {integer}
              set publish-rate {integer}
              set bye-rate {integer}
              set cancel-rate {integer}
              set preserve-override [disable|enable]
              set no-sdp-fixup [disable|enable]
              set contact-fixup [disable|enable]
              set max-idle-dialogs {integer}
              set block-geo-red-options [disable|enable]
              set hosted-nat-traversal [disable|enable]
              set hnt-restrict-source-ip [disable|enable]
              set max-body-length {integer}
              set unknown-header [discard|pass|...]
              set malformed-request-line [discard|pass|...]
              set malformed-header-via [discard|pass|...]
              set malformed-header-from [discard|pass|...]
              set malformed-header-to [discard|pass|...]
              set malformed-header-call-id [discard|pass|...]
              set malformed-header-cseq [discard|pass|...]
              set malformed-header-rack [discard|pass|...]
              set malformed-header-rseq [discard|pass|...]
              set malformed-header-contact [discard|pass|...]
              set malformed-header-record-route [discard|pass|...]
              set malformed-header-route [discard|pass|...]
              set malformed-header-expires [discard|pass|...]
              set malformed-header-content-type [discard|pass|...]
              set malformed-header-content-length [discard|pass|...]
              set malformed-header-max-forwards [discard|pass|...]
              set malformed-header-allow [discard|pass|...]
              set malformed-header-p-asserted-identity [discard|pass|...]
              set malformed-header-sdp-v [discard|pass|...]
              set malformed-header-sdp-o [discard|pass|...]
              set malformed-header-sdp-s [discard|pass|...]
              set malformed-header-sdp-i [discard|pass|...]
              set malformed-header-sdp-c [discard|pass|...]
              set malformed-header-sdp-b [discard|pass|...]
              set malformed-header-sdp-z [discard|pass|...]
              set malformed-header-sdp-k [discard|pass|...]
              set malformed-header-sdp-a [discard|pass|...]
              set malformed-header-sdp-t [discard|pass|...]
              set malformed-header-sdp-r [discard|pass|...]
              set malformed-header-sdp-m [discard|pass|...]
              set provisional-invite-expiry-time {integer}
              set ips-rtp [disable|enable]
              set ssl-mode [off|full]
              set ssl-send-empty-frags [enable|disable]
              set ssl-client-renegotiation [allow|deny|...]
              set ssl-algorithm [high|medium|...]
              set ssl-pfs [require|deny|...]
              set ssl-min-version [ssl-3.0|tls-1.0|...]
              set ssl-max-version [ssl-3.0|tls-1.0|...]
              set ssl-client-certificate {string}
              set ssl-server-certificate {string}
              set ssl-auth-client {string}
              set ssl-auth-server {string}
          end
          config sccp
              Description: SCCP.
              set status [disable|enable]
              set block-mcast [disable|enable]
              set verify-header [disable|enable]
              set log-call-summary [disable|enable]
              set log-violations [disable|enable]
              set max-calls {integer}
          end
      next
  end

config voip profile

Parameter Name Description Type Size
comment Comment. var-string Maximum length: 255

config sip

Parameter Name Description Type Size
status Enable/disable SIP.
disable: Disable status.
enable: Enable status.
option -
rtp Enable/disable create pinholes for RTP traffic to traverse firewall.
disable: Disable status.
enable: Enable status.
option -
nat-port-range RTP NAT port range. user Not Specified
open-register-pinhole Enable/disable open pinhole for REGISTER Contact port.
disable: Disable status.
enable: Enable status.
option -
open-contact-pinhole Enable/disable open pinhole for non-REGISTER Contact port.
disable: Disable status.
enable: Enable status.
option -
strict-register Enable/disable only allow the registrar to connect.
disable: Disable status.
enable: Enable status.
option -
register-rate REGISTER request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
invite-rate INVITE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
max-dialogs Maximum number of concurrent calls/dialogs (per policy). integer Minimum value: 0 Maximum value: 4294967295
max-line-length Maximum SIP header line length (78-4096). integer Minimum value: 78 Maximum value: 4096
block-long-lines Enable/disable block requests with headers exceeding max-line-length.
disable: Disable status.
enable: Enable status.
option -
block-unknown Block unrecognized SIP requests (enabled by default).
disable: Disable status.
enable: Enable status.
option -
call-keepalive Continue tracking calls with no RTP for this many minutes. integer Minimum value: 0 Maximum value: 10080
block-ack Enable/disable block ACK requests.
disable: Disable status.
enable: Enable status.
option -
block-bye Enable/disable block BYE requests.
disable: Disable status.
enable: Enable status.
option -
block-cancel Enable/disable block CANCEL requests.
disable: Disable status.
enable: Enable status.
option -
block-info Enable/disable block INFO requests.
disable: Disable status.
enable: Enable status.
option -
block-invite Enable/disable block INVITE requests.
disable: Disable status.
enable: Enable status.
option -
block-message Enable/disable block MESSAGE requests.
disable: Disable status.
enable: Enable status.
option -
block-notify Enable/disable block NOTIFY requests.
disable: Disable status.
enable: Enable status.
option -
block-options Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.
disable: Disable status.
enable: Enable status.
option -
block-prack Enable/disable block prack requests.
disable: Disable status.
enable: Enable status.
option -
block-publish Enable/disable block PUBLISH requests.
disable: Disable status.
enable: Enable status.
option -
block-refer Enable/disable block REFER requests.
disable: Disable status.
enable: Enable status.
option -
block-register Enable/disable block REGISTER requests.
disable: Disable status.
enable: Enable status.
option -
block-subscribe Enable/disable block SUBSCRIBE requests.
disable: Disable status.
enable: Enable status.
option -
block-update Enable/disable block UPDATE requests.
disable: Disable status.
enable: Enable status.
option -
register-contact-trace Enable/disable trace original IP/port within the contact header of REGISTER requests.
disable: Disable status.
enable: Enable status.
option -
open-via-pinhole Enable/disable open pinhole for Via port.
disable: Disable status.
enable: Enable status.
option -
open-record-route-pinhole Enable/disable open pinhole for Record-Route port.
disable: Disable status.
enable: Enable status.
option -
rfc2543-branch Enable/disable support via branch compliant with RFC 2543.
disable: Disable status.
enable: Enable status.
option -
log-violations Enable/disable logging of SIP violations.
disable: Disable status.
enable: Enable status.
option -
log-call-summary Enable/disable logging of SIP call summary.
disable: Disable status.
enable: Enable status.
option -
nat-trace Enable/disable preservation of original IP in SDP i line.
disable: Disable status.
enable: Enable status.
option -
subscribe-rate SUBSCRIBE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
message-rate MESSAGE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
notify-rate NOTIFY request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
refer-rate REFER request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
update-rate UPDATE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
options-rate OPTIONS request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
ack-rate ACK request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
prack-rate PRACK request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
info-rate INFO request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
publish-rate PUBLISH request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
bye-rate BYE request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
cancel-rate CANCEL request rate limit (per second, per policy). integer Minimum value: 0 Maximum value: 4294967295
preserve-override Override i line to preserve original IPS (default: append).
disable: Disable status.
enable: Enable status.
option -
no-sdp-fixup Enable/disable no SDP fix-up.
disable: Disable status.
enable: Enable status.
option -
contact-fixup Fixup contact anyway even if contact's IP:port doesn't match session's IP:port.
disable: Disable status.
enable: Enable status.
option -
max-idle-dialogs Maximum number established but idle dialogs to retain (per policy). integer Minimum value: 0 Maximum value: 4294967295
block-geo-red-options Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.
disable: Disable status.
enable: Enable status.
option -
hosted-nat-traversal Hosted NAT Traversal (HNT).
disable: Disable status.
enable: Enable status.
option -
hnt-restrict-source-ip Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled.
disable: Disable status.
enable: Enable status.
option -
max-body-length Maximum SIP message body length (0 meaning no limit). integer Minimum value: 0 Maximum value: 4294967295
unknown-header Action for unknown SIP header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-request-line Action for malformed request line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-via Action for malformed VIA header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-from Action for malformed From header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-to Action for malformed To header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-call-id Action for malformed Call-ID header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-cseq Action for malformed CSeq header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-rack Action for malformed RAck header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-rseq Action for malformed RSeq header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-contact Action for malformed Contact header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-record-route Action for malformed Record-Route header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-route Action for malformed Route header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-expires Action for malformed Expires header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-content-type Action for malformed Content-Type header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-content-length Action for malformed Content-Length header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-max-forwards Action for malformed Max-Forwards header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-allow Action for malformed Allow header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-p-asserted-identity Action for malformed P-Asserted-Identity header.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-v Action for malformed SDP v line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-o Action for malformed SDP o line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-s Action for malformed SDP s line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-i Action for malformed SDP i line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-c Action for malformed SDP c line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-b Action for malformed SDP b line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-z Action for malformed SDP z line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-k Action for malformed SDP k line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-a Action for malformed SDP a line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-t Action for malformed SDP t line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-r Action for malformed SDP r line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
malformed-header-sdp-m Action for malformed SDP m line.
discard: Discard malformed messages.
pass: Bypass malformed messages.
respond: Respond with error code.
option -
provisional-invite-expiry-time Expiry time for provisional INVITE (10 - 3600 sec). integer Minimum value: 10 Maximum value: 3600
ips-rtp Enable/disable allow IPS on RTP.
disable: Disable status.
enable: Enable status.
option -
ssl-mode SSL/TLS mode for encryption & decryption of traffic.
off: No SSL.
full: Client to FortiGate and FortiGate to Server SSL.
option -
ssl-send-empty-frags Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).
enable: Send empty fragments.
disable: Do not send empty fragments.
option -
ssl-client-renegotiation Allow/block client renegotiation by server.
allow: Allow a SSL client to renegotiate.
deny: Abort any SSL connection that attempts to renegotiate.
secure: Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication.
option -
ssl-algorithm Relative strength of encryption algorithms accepted in negotiation.
high: High encryption. Allow only AES and ChaCha.
medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4.
low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.
option -
ssl-pfs SSL Perfect Forward Secrecy.
require: PFS mandatory.
deny: PFS rejected.
allow: PFS allowed.
option -
ssl-min-version Lowest SSL/TLS version to negotiate.
ssl-3.0: SSL 3.0.
tls-1.0: TLS 1.0.
tls-1.1: TLS 1.1.
tls-1.2: TLS 1.2.
tls-1.3: TLS 1.3.
option -
ssl-max-version Highest SSL/TLS version to negotiate.
ssl-3.0: SSL 3.0.
tls-1.0: TLS 1.0.
tls-1.1: TLS 1.1.
tls-1.2: TLS 1.2.
tls-1.3: TLS 1.3.
option -
ssl-client-certificate Name of Certificate to offer to server if requested. string Maximum length: 35
ssl-server-certificate Name of Certificate return to the client in every SSL connection. string Maximum length: 35
ssl-auth-client Require a client certificate and authenticate it with the peer/peergrp. string Maximum length: 35
ssl-auth-server Authenticate the server's certificate with the peer/peergrp. string Maximum length: 35

config sccp

Parameter Name Description Type Size
status Enable/disable SCCP.
disable: Disable status.
enable: Enable status.
option -
block-mcast Enable/disable block multicast RTP connections.
disable: Disable status.
enable: Enable status.
option -
verify-header Enable/disable verify SCCP header content.
disable: Disable status.
enable: Enable status.
option -
log-call-summary Enable/disable log summary of SCCP calls.
disable: Disable status.
enable: Enable status.
option -
log-violations Enable/disable logging of SCCP violations.
disable: Disable status.
enable: Enable status.
option -
max-calls Maximum calls per minute per SCCP client (max 65535). integer Minimum value: 0 Maximum value: 65535