How VoIP ALG mode settings determine the firewall policy inspection mode
The default-voip-alg-mode
setting will determine which inspection mode each firewall policy uses after upgrading.
Scenario 1
config system settings set default-voip-alg-mode proxy-based end
This is the default setting. All firewall policies will be converted to proxy-based inspection.
Scenario 2
config system settings set default-voip-alg-mode kernel-helper-based end
All firewall policies with a selected VoIP profile will be converted to proxy-based inspection. Policies without a configured VoIP profile will remain in the same inspection mode after upgrading.
Recommendation
If the scenario 1 outcome is not desired, do the following:
- Before upgrading, set
default-voip-alg-mode
tokernel-helper-based
. - Perform the upgrade.
- After upgrading, set
default-voip-alg-mode
toproxy-based
.The upgraded policies will remain in the same inspection mode if they do not contain a VoIP profile.