CLI Reference

config voip profile

Configure VoIP profiles.

```
config voip profile
    Description: Configure VoIP profiles.
    edit <name>
        set comment {var-string}
        config sip
            Description: SIP.
            set status [disable|enable]
            set rtp [disable|enable]
            set nat-port-range {user}
            set open-register-pinhole [disable|enable]
            set open-contact-pinhole [disable|enable]
            set strict-register [disable|enable]
            set register-rate {integer}
            set invite-rate {integer}
            set max-dialogs {integer}
            set max-line-length {integer}
            set block-long-lines [disable|enable]
            set block-unknown [disable|enable]
            set call-keepalive {integer}
            set block-ack [disable|enable]
            set block-bye [disable|enable]
            set block-cancel [disable|enable]
            set block-info [disable|enable]
            set block-invite [disable|enable]
            set block-message [disable|enable]
            set block-notify [disable|enable]
            set block-options [disable|enable]
            set block-prack [disable|enable]
            set block-publish [disable|enable]
            set block-refer [disable|enable]
            set block-register [disable|enable]
            set block-subscribe [disable|enable]
            set block-update [disable|enable]
            set register-contact-trace [disable|enable]
            set open-via-pinhole [disable|enable]
            set open-record-route-pinhole [disable|enable]
            set rfc2543-branch [disable|enable]
            set log-violations [disable|enable]
            set log-call-summary [disable|enable]
            set nat-trace [disable|enable]
            set subscribe-rate {integer}
            set message-rate {integer}
            set notify-rate {integer}
            set refer-rate {integer}
            set update-rate {integer}
            set options-rate {integer}
            set ack-rate {integer}
            set prack-rate {integer}
            set info-rate {integer}
            set publish-rate {integer}
            set bye-rate {integer}
            set cancel-rate {integer}
            set preserve-override [disable|enable]
            set no-sdp-fixup [disable|enable]
            set contact-fixup [disable|enable]
            set max-idle-dialogs {integer}
            set block-geo-red-options [disable|enable]
            set hosted-nat-traversal [disable|enable]
            set hnt-restrict-source-ip [disable|enable]
            set max-body-length {integer}
            set unknown-header [discard|pass|...]
            set malformed-request-line [discard|pass|...]
            set malformed-header-via [discard|pass|...]
            set malformed-header-from [discard|pass|...]
            set malformed-header-to [discard|pass|...]
            set malformed-header-call-id [discard|pass|...]
            set malformed-header-cseq [discard|pass|...]
            set malformed-header-rack [discard|pass|...]
            set malformed-header-rseq [discard|pass|...]
            set malformed-header-contact [discard|pass|...]
            set malformed-header-record-route [discard|pass|...]
            set malformed-header-route [discard|pass|...]
            set malformed-header-expires [discard|pass|...]
            set malformed-header-content-type [discard|pass|...]
            set malformed-header-content-length [discard|pass|...]
            set malformed-header-max-forwards [discard|pass|...]
            set malformed-header-allow [discard|pass|...]
            set malformed-header-p-asserted-identity [discard|pass|...]
            set malformed-header-sdp-v [discard|pass|...]
            set malformed-header-sdp-o [discard|pass|...]
            set malformed-header-sdp-s [discard|pass|...]
            set malformed-header-sdp-i [discard|pass|...]
            set malformed-header-sdp-c [discard|pass|...]
            set malformed-header-sdp-b [discard|pass|...]
            set malformed-header-sdp-z [discard|pass|...]
            set malformed-header-sdp-k [discard|pass|...]
            set malformed-header-sdp-a [discard|pass|...]
            set malformed-header-sdp-t [discard|pass|...]
            set malformed-header-sdp-r [discard|pass|...]
            set malformed-header-sdp-m [discard|pass|...]
            set provisional-invite-expiry-time {integer}
            set ips-rtp [disable|enable]
            set ssl-mode [off|full]
            set ssl-send-empty-frags [enable|disable]
            set ssl-client-renegotiation [allow|deny|...]
            set ssl-algorithm [high|medium|...]
            set ssl-pfs [require|deny|...]
            set ssl-min-version [ssl-3.0|tls-1.0|...]
            set ssl-max-version [ssl-3.0|tls-1.0|...]
            set ssl-client-certificate {string}
            set ssl-server-certificate {string}
            set ssl-auth-client {string}
            set ssl-auth-server {string}
        end
        config sccp
            Description: SCCP.
            set status [disable|enable]
            set block-mcast [disable|enable]
            set verify-header [disable|enable]
            set log-call-summary [disable|enable]
            set log-violations [disable|enable]
            set max-calls {integer}
        end
    next
end
```

config voip profile

| Parameter | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 |

config sip

| Parameter | Description | Type | Size | Options |
|---|---|---|---|---|
| status | Enable/disable SIP. | option | - | `disable`: Disable status. `enable`: Enable status. |
| rtp | Enable/disable create pinholes for RTP traffic to traverse firewall. | option | - | `disable`: Disable status. `enable`: Enable status. |
| nat-port-range | RTP NAT port range. | user | Not Specified | |
| open-register-pinhole | Enable/disable open pinhole for REGISTER Contact port. | option | - | `disable`: Disable status. `enable`: Enable status. |
| open-contact-pinhole | Enable/disable open pinhole for non-REGISTER Contact port. | option | - | `disable`: Disable status. `enable`: Enable status. |
| strict-register | Enable/disable only allow the registrar to connect. | option | - | `disable`: Disable status. `enable`: Enable status. |
| register-rate | REGISTER request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| invite-rate | INVITE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| max-dialogs | Maximum number of concurrent calls/dialogs (per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| max-line-length | Maximum SIP header line length. | integer | Minimum value: 78 Maximum value: 4096 | |
| block-long-lines | Enable/disable block requests with headers exceeding max-line-length. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-unknown | Block unrecognized SIP requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| call-keepalive | Continue tracking calls with no RTP for this many minutes. | integer | Minimum value: 0 Maximum value: 10080 | |
| block-ack | Enable/disable block ACK requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-bye | Enable/disable block BYE requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-cancel | Enable/disable block CANCEL requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-info | Enable/disable block INFO requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-invite | Enable/disable block INVITE requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-message | Enable/disable block MESSAGE requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-notify | Enable/disable block NOTIFY requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-options | Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-prack | Enable/disable block PRACK requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-publish | Enable/disable block PUBLISH requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-refer | Enable/disable block REFER requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-register | Enable/disable block REGISTER requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-subscribe | Enable/disable block SUBSCRIBE requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-update | Enable/disable block UPDATE requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| register-contact-trace | Enable/disable trace original IP/port within the contact header of REGISTER requests. | option | - | `disable`: Disable status. `enable`: Enable status. |
| open-via-pinhole | Enable/disable open pinhole for Via port. | option | - | `disable`: Disable status. `enable`: Enable status. |
| open-record-route-pinhole | Enable/disable open pinhole for Record-Route port. | option | - | `disable`: Disable status. `enable`: Enable status. |
| rfc2543-branch | Enable/disable support via branch compliant with RFC 2543. | option | - | `disable`: Disable status. `enable`: Enable status. |
| log-violations | Enable/disable logging of SIP violations. | option | - | `disable`: Disable status. `enable`: Enable status. |
| log-call-summary | Enable/disable logging of SIP call summary. | option | - | `disable`: Disable status. `enable`: Enable status. |
| nat-trace | Enable/disable preservation of original IP in SDP i line. | option | - | `disable`: Disable status. `enable`: Enable status. |
| subscribe-rate | SUBSCRIBE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| message-rate | MESSAGE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| notify-rate | NOTIFY request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| refer-rate | REFER request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| update-rate | UPDATE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| options-rate | OPTIONS request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| ack-rate | ACK request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| prack-rate | PRACK request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| info-rate | INFO request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| publish-rate | PUBLISH request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| bye-rate | BYE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| cancel-rate | CANCEL request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| preserve-override | Override i line to preserve original IPS. | option | - | `disable`: Disable status. `enable`: Enable status. |
| no-sdp-fixup | Enable/disable no SDP fix-up. | option | - | `disable`: Disable status. `enable`: Enable status. |
| contact-fixup | Fixup contact anyway even if contact's IP:port doesn't match session's IP:port. | option | - | `disable`: Disable status. `enable`: Enable status. |
| max-idle-dialogs | Maximum number of established but idle dialogs to retain (per policy). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| block-geo-red-options | Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. | option | - | `disable`: Disable status. `enable`: Enable status. |
| hosted-nat-traversal | Hosted NAT Traversal (HNT). | option | - | `disable`: Disable status. `enable`: Enable status. |
| hnt-restrict-source-ip | Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. | option | - | `disable`: Disable status. `enable`: Enable status. |
| max-body-length | Maximum SIP message body length (0 meaning no limit). | integer | Minimum value: 0 Maximum value: 4294967295 | |
| unknown-header | Action for unknown SIP header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-request-line | Action for malformed request line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-via | Action for malformed VIA header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-from | Action for malformed From header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-to | Action for malformed To header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-call-id | Action for malformed Call-ID header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-cseq | Action for malformed CSeq header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-rack | Action for malformed RAck header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-rseq | Action for malformed RSeq header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-contact | Action for malformed Contact header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-record-route | Action for malformed Record-Route header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-route | Action for malformed Route header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-expires | Action for malformed Expires header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-content-type | Action for malformed Content-Type header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-content-length | Action for malformed Content-Length header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-max-forwards | Action for malformed Max-Forwards header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-allow | Action for malformed Allow header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-p-asserted-identity | Action for malformed P-Asserted-Identity header. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-v | Action for malformed SDP v line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-o | Action for malformed SDP o line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-s | Action for malformed SDP s line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-i | Action for malformed SDP i line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-c | Action for malformed SDP c line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-b | Action for malformed SDP b line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-z | Action for malformed SDP z line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-k | Action for malformed SDP k line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-a | Action for malformed SDP a line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-t | Action for malformed SDP t line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-r | Action for malformed SDP r line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| malformed-header-sdp-m | Action for malformed SDP m line. | option | - | `discard`: Discard malformed messages. `pass`: Bypass malformed messages. `respond`: Respond with error code. |
| provisional-invite-expiry-time | Expiry time for provisional INVITE. | integer | Minimum value: 10 Maximum value: 3600 | |
| ips-rtp | Enable/disable allow IPS on RTP. | option | - | `disable`: Disable status. `enable`: Enable status. |
| ssl-mode | SSL/TLS mode for encryption & decryption of traffic. | option | - | `off`: No SSL. `full`: Client to FortiGate and FortiGate to Server SSL. |
| ssl-send-empty-frags | Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). | option | - | `enable`: Send empty fragments. `disable`: Do not send empty fragments. |
| ssl-client-renegotiation | Allow/block client renegotiation by server. | option | - | `allow`: Allow an SSL client to renegotiate. `deny`: Abort any SSL connection that attempts to renegotiate. `secure`: Reject any SSL connection that does not offer an RFC 5746 Secure Renegotiation Indication. |
| ssl-algorithm | Relative strength of encryption algorithms accepted in negotiation. | option | - | `high`: High encryption. Allow only AES and ChaCha. `medium`: Medium encryption. Allow AES, ChaCha, 3DES, and RC4. `low`: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
| ssl-pfs | SSL Perfect Forward Secrecy. | option | - | `require`: PFS mandatory. `deny`: PFS rejected. `allow`: PFS allowed. |
| ssl-min-version | Lowest SSL/TLS version to negotiate. | option | - | `ssl-3.0`: SSL 3.0. `tls-1.0`: TLS 1.0. `tls-1.1`: TLS 1.1. `tls-1.2`: TLS 1.2. `tls-1.3`: TLS 1.3. |
| ssl-max-version | Highest SSL/TLS version to negotiate. | option | - | `ssl-3.0`: SSL 3.0. `tls-1.0`: TLS 1.0. `tls-1.1`: TLS 1.1. `tls-1.2`: TLS 1.2. `tls-1.3`: TLS 1.3. |
| ssl-client-certificate | Name of certificate to offer to the server if requested. | string | Maximum length: 35 | |
| ssl-server-certificate | Name of certificate returned to the client in every SSL connection. | string | Maximum length: 35 | |
| ssl-auth-client | Require a client certificate and authenticate it with the peer/peergrp. | string | Maximum length: 35 | |
| ssl-auth-server | Authenticate the server's certificate with the peer/peergrp. | string | Maximum length: 35 | |

config sccp

| Parameter | Description | Type | Size | Options |
|---|---|---|---|---|
| status | Enable/disable SCCP. | option | - | `disable`: Disable status. `enable`: Enable status. |
| block-mcast | Enable/disable block multicast RTP connections. | option | - | `disable`: Disable status. `enable`: Enable status. |
| verify-header | Enable/disable verify SCCP header content. | option | - | `disable`: Disable status. `enable`: Enable status. |
| log-call-summary | Enable/disable log summary of SCCP calls. | option | - | `disable`: Disable status. `enable`: Enable status. |
| log-violations | Enable/disable logging of SCCP violations. | option | - | `disable`: Disable status. `enable`: Enable status. |
| max-calls | Maximum calls per minute per SCCP client (max 65535). | integer | Minimum value: 0 Maximum value: 65535 | |
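
An added example, not part of the Fortinet reference: a restrictive baseline profile that combines the parsing, rate-limit, logging and TLS parameters documented above. The profile name, the certificate name placeholder and every numeric limit are assumptions chosen for illustration and must be sized to the deployment; parameter availability can vary by FortiOS version and model.

```fortios
config voip profile
    # "sip-tls-strict" is a hypothetical profile name
    edit "sip-tls-strict"
        set comment "Constructed example: strict SIP parsing with TLS"
        config sip
            set status enable

            # Parsing hygiene: drop what the SIP parser cannot validate
            # instead of forwarding it to the PBX with "pass".
            set block-unknown enable
            set max-line-length 998
            set block-long-lines enable
            set max-body-length 65536
            set malformed-request-line discard
            set malformed-header-via discard
            set malformed-header-from discard
            set malformed-header-to discard
            set malformed-header-call-id discard
            set malformed-header-cseq discard
            set malformed-header-contact discard
            set malformed-header-content-length discard

            # Flood control (per second, per policy); values are illustrative.
            set register-rate 50
            set invite-rate 100
            set options-rate 20
            set max-dialogs 2000

            # Only the registrar may connect through REGISTER pinholes.
            set strict-register enable

            # Keep an audit trail of rejected messages and of calls.
            set log-violations enable
            set log-call-summary enable

            # TLS inspection. ssl-3.0/tls-1.0 and the "low"/"medium"
            # algorithm sets (DES, RC4, 3DES) are excluded.
            set ssl-mode full
            set ssl-min-version tls-1.2
            set ssl-max-version tls-1.3
            set ssl-algorithm high
            set ssl-pfs require
            set ssl-client-renegotiation secure
            # Placeholder: name of a certificate already installed on the unit
            set ssl-server-certificate "<server-cert-name>"
        end
        config sccp
            set status enable
            set verify-header enable
            set log-violations enable
        end
    next
end
```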

config voip profile

Configure VoIP profiles.

config voip profile

Description: Configure VoIP profiles.

edit <name>

set comment {var-string}

config sip

Description: SIP.

set status [disable|enable]

set rtp [disable|enable]

set nat-port-range {user}

set open-register-pinhole [disable|enable]

set open-contact-pinhole [disable|enable]

set strict-register [disable|enable]

set register-rate {integer}

set invite-rate {integer}

set max-dialogs {integer}

set max-line-length {integer}

set block-long-lines [disable|enable]

set block-unknown [disable|enable]

set call-keepalive {integer}

set block-ack [disable|enable]

set block-bye [disable|enable]

set block-cancel [disable|enable]

set block-info [disable|enable]

set block-invite [disable|enable]

set block-message [disable|enable]

set block-notify [disable|enable]

set block-options [disable|enable]

set block-prack [disable|enable]

set block-publish [disable|enable]

set block-refer [disable|enable]

set block-register [disable|enable]

set block-subscribe [disable|enable]

set block-update [disable|enable]

set register-contact-trace [disable|enable]

set open-via-pinhole [disable|enable]

set open-record-route-pinhole [disable|enable]

set rfc2543-branch [disable|enable]

set log-violations [disable|enable]

set log-call-summary [disable|enable]

set nat-trace [disable|enable]

set subscribe-rate {integer}

set message-rate {integer}

set notify-rate {integer}

set refer-rate {integer}

set update-rate {integer}

set options-rate {integer}

set ack-rate {integer}

set prack-rate {integer}

set info-rate {integer}

set publish-rate {integer}

set bye-rate {integer}

set cancel-rate {integer}

set preserve-override [disable|enable]

set no-sdp-fixup [disable|enable]

set contact-fixup [disable|enable]

set max-idle-dialogs {integer}

set block-geo-red-options [disable|enable]

set hosted-nat-traversal [disable|enable]

set hnt-restrict-source-ip [disable|enable]

set max-body-length {integer}

set unknown-header [discard|pass|...]

set malformed-request-line [discard|pass|...]

set malformed-header-via [discard|pass|...]

set malformed-header-from [discard|pass|...]

set malformed-header-to [discard|pass|...]

set malformed-header-call-id [discard|pass|...]

set malformed-header-cseq [discard|pass|...]

set malformed-header-rack [discard|pass|...]

set malformed-header-rseq [discard|pass|...]

set malformed-header-contact [discard|pass|...]

set malformed-header-record-route [discard|pass|...]

set malformed-header-route [discard|pass|...]

set malformed-header-expires [discard|pass|...]

set malformed-header-content-type [discard|pass|...]

set malformed-header-content-length [discard|pass|...]

set malformed-header-max-forwards [discard|pass|...]

set malformed-header-allow [discard|pass|...]

set malformed-header-p-asserted-identity [discard|pass|...]

set malformed-header-sdp-v [discard|pass|...]

set malformed-header-sdp-o [discard|pass|...]

set malformed-header-sdp-s [discard|pass|...]

set malformed-header-sdp-i [discard|pass|...]

set malformed-header-sdp-c [discard|pass|...]

set malformed-header-sdp-b [discard|pass|...]

set malformed-header-sdp-z [discard|pass|...]

set malformed-header-sdp-k [discard|pass|...]

set malformed-header-sdp-a [discard|pass|...]

set malformed-header-sdp-t [discard|pass|...]

set malformed-header-sdp-r [discard|pass|...]

set malformed-header-sdp-m [discard|pass|...]

set provisional-invite-expiry-time {integer}

set ips-rtp [disable|enable]

set ssl-mode [off|full]

set ssl-send-empty-frags [enable|disable]

set ssl-client-renegotiation [allow|deny|...]

set ssl-algorithm [high|medium|...]

set ssl-pfs [require|deny|...]

set ssl-min-version [ssl-3.0|tls-1.0|...]

set ssl-max-version [ssl-3.0|tls-1.0|...]

set ssl-client-certificate {string}

set ssl-server-certificate {string}

set ssl-auth-client {string}

set ssl-auth-server {string}

end

config sccp

Description: SCCP.

set status [disable|enable]

set block-mcast [disable|enable]

set verify-header [disable|enable]

set log-call-summary [disable|enable]

set log-violations [disable|enable]

set max-calls {integer}

end

next

end

config voip profile

Parameter

Description

Type

Size

comment

Comment.

var-string

Maximum length: 255

config sip

Parameter

Description

Type

Size

status

Enable/disable SIP.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

rtp

Enable/disable create pinholes for RTP traffic to traverse firewall.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

nat-port-range

RTP NAT port range.

user

Not Specified

open-register-pinhole

Enable/disable open pinhole for REGISTER Contact port.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

open-contact-pinhole

Enable/disable open pinhole for non-REGISTER Contact port.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

strict-register

Enable/disable only allow the registrar to connect.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

register-rate

REGISTER request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

invite-rate

INVITE request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

max-dialogs

Maximum number of concurrent calls/dialogs (per policy).

integer

Minimum value: 0 Maximum value: 4294967295

max-line-length

Maximum SIP header line length .

integer

Minimum value: 78 Maximum value: 4096

block-long-lines

Enable/disable block requests with headers exceeding max-line-length.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-unknown

Block unrecognized SIP requests .

option

-

Option

Description

disable

Disable status.

enable

Enable status.

call-keepalive

Continue tracking calls with no RTP for this many minutes.

integer

Minimum value: 0 Maximum value: 10080

block-ack

Enable/disable block ACK requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-bye

Enable/disable block BYE requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-cancel

Enable/disable block CANCEL requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-info

Enable/disable block INFO requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-invite

Enable/disable block INVITE requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-message

Enable/disable block MESSAGE requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-notify

Enable/disable block NOTIFY requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-options

Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-prack

Enable/disable block prack requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-publish

Enable/disable block PUBLISH requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-refer

Enable/disable block REFER requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-register

Enable/disable block REGISTER requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-subscribe

Enable/disable block SUBSCRIBE requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-update

Enable/disable block UPDATE requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

register-contact-trace

Enable/disable trace original IP/port within the contact header of REGISTER requests.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

open-via-pinhole

Enable/disable open pinhole for Via port.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

open-record-route-pinhole

Enable/disable open pinhole for Record-Route port.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

rfc2543-branch

Enable/disable support via branch compliant with RFC 2543.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

log-violations

Enable/disable logging of SIP violations.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

log-call-summary

Enable/disable logging of SIP call summary.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

nat-trace

Enable/disable preservation of original IP in SDP i line.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

subscribe-rate

SUBSCRIBE request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

message-rate

MESSAGE request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

notify-rate

NOTIFY request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

refer-rate

REFER request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

update-rate

UPDATE request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

options-rate

OPTIONS request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

ack-rate

ACK request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

prack-rate

PRACK request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

info-rate

INFO request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

publish-rate

PUBLISH request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

bye-rate

BYE request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

cancel-rate

CANCEL request rate limit (per second, per policy).

integer

Minimum value: 0 Maximum value: 4294967295

preserve-override

Override i line to preserve original IPS .

option

-

Option

Description

disable

Disable status.

enable

Enable status.

no-sdp-fixup

Enable/disable no SDP fix-up.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

contact-fixup

Fixup contact anyway even if contact's IP:port doesn't match session's IP:port.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

max-idle-dialogs

Maximum number established but idle dialogs to retain (per policy).

integer

Minimum value: 0 Maximum value: 4294967295

block-geo-red-options

Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

hosted-nat-traversal

Hosted NAT Traversal (HNT).

option

-

Option

Description

disable

Disable status.

enable

Enable status.

hnt-restrict-source-ip

Enable/disable restricting the RTP source IP to be the same as the SIP source IP when HNT is enabled.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

max-body-length

Maximum SIP message body length (0 meaning no limit).

integer

Minimum value: 0 Maximum value: 4294967295

unknown-header

Action for unknown SIP header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-request-line

Action for malformed request line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-via

Action for malformed VIA header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-from

Action for malformed From header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-to

Action for malformed To header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-call-id

Action for malformed Call-ID header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-cseq

Action for malformed CSeq header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-rack

Action for malformed RAck header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-rseq

Action for malformed RSeq header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-contact

Action for malformed Contact header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-record-route

Action for malformed Record-Route header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-route

Action for malformed Route header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-expires

Action for malformed Expires header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-content-type

Action for malformed Content-Type header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-content-length

Action for malformed Content-Length header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-max-forwards

Action for malformed Max-Forwards header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-allow

Action for malformed Allow header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-p-asserted-identity

Action for malformed P-Asserted-Identity header.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-v

Action for malformed SDP v line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-o

Action for malformed SDP o line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-s

Action for malformed SDP s line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-i

Action for malformed SDP i line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-c

Action for malformed SDP c line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-b

Action for malformed SDP b line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-z

Action for malformed SDP z line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-k

Action for malformed SDP k line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-a

Action for malformed SDP a line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-t

Action for malformed SDP t line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-r

Action for malformed SDP r line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

malformed-header-sdp-m

Action for malformed SDP m line.

option

-

Option

Description

discard

Discard malformed messages.

pass

Bypass malformed messages.

respond

Respond with error code.

provisional-invite-expiry-time

Expiry time for provisional INVITE.

integer

Minimum value: 10 Maximum value: 3600

ips-rtp

Enable/disable allowing IPS on RTP.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

ssl-mode

SSL/TLS mode for encryption & decryption of traffic.

option

-

Option

Description

off

No SSL.

full

Client to FortiGate and FortiGate to Server SSL.

ssl-send-empty-frags

Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only).

option

-

Option

Description

enable

Send empty fragments.

disable

Do not send empty fragments.

ssl-client-renegotiation

Allow/block client renegotiation by server.

option

-

Option

Description

allow

Allow an SSL client to renegotiate.

deny

Abort any SSL connection that attempts to renegotiate.

secure

Reject any SSL connection that does not offer an RFC 5746 Secure Renegotiation Indication.

ssl-algorithm

Relative strength of encryption algorithms accepted in negotiation.

option

-

Option

Description

high

High encryption. Allow only AES and ChaCha.

medium

Medium encryption. Allow AES, ChaCha, 3DES, and RC4.

low

Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES.

ssl-pfs

SSL Perfect Forward Secrecy.

option

-

Option

Description

require

PFS mandatory.

deny

PFS rejected.

allow

PFS allowed.

ssl-min-version

Lowest SSL/TLS version to negotiate.

option

-

Option

Description

ssl-3.0

SSL 3.0.

tls-1.0

TLS 1.0.

tls-1.1

TLS 1.1.

tls-1.2

TLS 1.2.

tls-1.3

TLS 1.3.

ssl-max-version

Highest SSL/TLS version to negotiate.

option

-

Option

Description

ssl-3.0

SSL 3.0.

tls-1.0

TLS 1.0.

tls-1.1

TLS 1.1.

tls-1.2

TLS 1.2.

tls-1.3

TLS 1.3.

ssl-client-certificate

Name of the certificate to offer to the server if requested.

string

Maximum length: 35

ssl-server-certificate

Name of the certificate to return to the client in every SSL connection.

string

Maximum length: 35

ssl-auth-client

Require a client certificate and authenticate it with the peer/peergrp.

string

Maximum length: 35

ssl-auth-server

Authenticate the server's certificate with the peer/peergrp.

string

Maximum length: 35
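The following is an added example, not Fortinet code: a small Python audit of the `config sip` options documented above, flagging explicitly set values that weaken TLS or let malformed messages through. The sample configuration and profile names are constructed, the choice of which values count as weak is this example's own judgement, and options left unset (device defaults) are not evaluated.

```python
import shlex

WEAK = {  # option -> (flagged values, reason); this example's judgement of the tables above
    "ssl-min-version": (("ssl-3.0", "tls-1.0", "tls-1.1"), "deprecated protocol version"),
    "ssl-algorithm": (("medium", "low"), "admits 3DES/RC4 (low also DES)"),
    "ssl-pfs": (("deny",), "forward secrecy rejected"),
}

# Constructed sample configuration (not from a real device); profile names are made up.
SAMPLE_CONFIG = """
config voip profile
    edit "legacy-pbx"
        config sip
            set ssl-mode full
            set ssl-min-version tls-1.0
            set ssl-algorithm low
            set ssl-pfs deny
            set malformed-header-via pass
        end
    next
    edit "hardened"
        config sip
            set ssl-mode full
            set ssl-min-version tls-1.2
            set ssl-algorithm high
        end
    next
end
"""

def parse_sip_settings(text):
    """Return {profile name: {option: value}} from each profile's 'config sip' block."""
    profiles, name, in_sip = {}, None, False
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "edit" and len(tok) > 1:
            name, in_sip = tok[1], False
            profiles[name] = {}
        elif tok[0] in ("config", "end"):
            in_sip = tok[:2] == ["config", "sip"]  # any other block, or 'end', leaves sip
        elif tok[0] == "set" and in_sip and name and len(tok) > 2:
            profiles[name][tok[1]] = " ".join(tok[2:])
    return profiles

def audit_sip(sip):
    """List explicitly set values that weaken TLS or let malformed SIP/SDP through."""
    tls = sip.get("ssl-mode") == "full"  # ssl-* checks apply only when ssl-mode is set to full
    findings = [f"{k} {sip[k]}: {why}" for k, (bad, why) in WEAK.items() if tls and sip.get(k) in bad]
    return findings + [f"{k} pass: malformed messages are let through"
                       for k, v in sorted(sip.items()) if k.startswith("malformed-") and v == "pass"]
```

Call `audit_sip()` on each entry returned by `parse_sip_settings()`; an empty list means none of the flagged values were set explicitly in that profile.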

config sccp

Parameter

Description

Type

Size

status

Enable/disable SCCP.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

block-mcast

Enable/disable blocking of multicast RTP connections.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

verify-header

Enable/disable verification of SCCP header content.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

log-call-summary

Enable/disable logging a summary of SCCP calls.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

log-violations

Enable/disable logging of SCCP violations.

option

-

Option

Description

disable

Disable status.

enable

Enable status.

max-calls

Maximum calls per minute per SCCP client (max 65535).

integer

Minimum value: 0 Maximum value: 65535