config voip profile
Configure VoIP profiles.
config voip profile
Description: Configure VoIP profiles.
edit <name>
set feature-set [flow|proxy]
set comment {var-string}
config sip
Description: SIP.
set status [disable|enable]
set rtp [disable|enable]
set nat-port-range {user}
set open-register-pinhole [disable|enable]
set open-contact-pinhole [disable|enable]
set strict-register [disable|enable]
set register-rate {integer}
set register-rate-track [none|src-ip|...]
set invite-rate {integer}
set invite-rate-track [none|src-ip|...]
set max-dialogs {integer}
set max-line-length {integer}
set block-long-lines [disable|enable]
set block-unknown [disable|enable]
set call-keepalive {integer}
set block-ack [disable|enable]
set block-bye [disable|enable]
set block-cancel [disable|enable]
set block-info [disable|enable]
set block-invite [disable|enable]
set block-message [disable|enable]
set block-notify [disable|enable]
set block-options [disable|enable]
set block-prack [disable|enable]
set block-publish [disable|enable]
set block-refer [disable|enable]
set block-register [disable|enable]
set block-subscribe [disable|enable]
set block-update [disable|enable]
set register-contact-trace [disable|enable]
set open-via-pinhole [disable|enable]
set open-record-route-pinhole [disable|enable]
set rfc2543-branch [disable|enable]
set log-violations [disable|enable]
set log-call-summary [disable|enable]
set nat-trace [disable|enable]
set subscribe-rate {integer}
set subscribe-rate-track [none|src-ip|...]
set message-rate {integer}
set message-rate-track [none|src-ip|...]
set notify-rate {integer}
set notify-rate-track [none|src-ip|...]
set refer-rate {integer}
set refer-rate-track [none|src-ip|...]
set update-rate {integer}
set update-rate-track [none|src-ip|...]
set options-rate {integer}
set options-rate-track [none|src-ip|...]
set ack-rate {integer}
set ack-rate-track [none|src-ip|...]
set prack-rate {integer}
set prack-rate-track [none|src-ip|...]
set info-rate {integer}
set info-rate-track [none|src-ip|...]
set publish-rate {integer}
set publish-rate-track [none|src-ip|...]
set bye-rate {integer}
set bye-rate-track [none|src-ip|...]
set cancel-rate {integer}
set cancel-rate-track [none|src-ip|...]
set preserve-override [disable|enable]
set no-sdp-fixup [disable|enable]
set contact-fixup [disable|enable]
set max-idle-dialogs {integer}
set block-geo-red-options [disable|enable]
set hosted-nat-traversal [disable|enable]
set hnt-restrict-source-ip [disable|enable]
set max-body-length {integer}
set unknown-header [discard|pass|...]
set malformed-request-line [discard|pass|...]
set malformed-header-via [discard|pass|...]
set malformed-header-from [discard|pass|...]
set malformed-header-to [discard|pass|...]
set malformed-header-call-id [discard|pass|...]
set malformed-header-cseq [discard|pass|...]
set malformed-header-rack [discard|pass|...]
set malformed-header-rseq [discard|pass|...]
set malformed-header-contact [discard|pass|...]
set malformed-header-record-route [discard|pass|...]
set malformed-header-route [discard|pass|...]
set malformed-header-expires [discard|pass|...]
set malformed-header-content-type [discard|pass|...]
set malformed-header-content-length [discard|pass|...]
set malformed-header-max-forwards [discard|pass|...]
set malformed-header-allow [discard|pass|...]
set malformed-header-p-asserted-identity [discard|pass|...]
set malformed-header-no-require [discard|pass|...]
set malformed-header-no-proxy-require [discard|pass|...]
set malformed-header-sdp-v [discard|pass|...]
set malformed-header-sdp-o [discard|pass|...]
set malformed-header-sdp-s [discard|pass|...]
set malformed-header-sdp-i [discard|pass|...]
set malformed-header-sdp-c [discard|pass|...]
set malformed-header-sdp-b [discard|pass|...]
set malformed-header-sdp-z [discard|pass|...]
set malformed-header-sdp-k [discard|pass|...]
set malformed-header-sdp-a [discard|pass|...]
set malformed-header-sdp-t [discard|pass|...]
set malformed-header-sdp-r [discard|pass|...]
set malformed-header-sdp-m [discard|pass|...]
set provisional-invite-expiry-time {integer}
set ips-rtp [disable|enable]
set ssl-mode [off|full]
set ssl-send-empty-frags [enable|disable]
set ssl-client-renegotiation [allow|deny|...]
set ssl-algorithm [high|medium|...]
set ssl-pfs [require|deny|...]
set ssl-min-version [ssl-3.0|tls-1.0|...]
set ssl-max-version [ssl-3.0|tls-1.0|...]
set ssl-client-certificate {string}
set ssl-server-certificate {string}
set ssl-auth-client {string}
set ssl-auth-server {string}
end
config sccp
Description: SCCP.
set status [disable|enable]
set block-mcast [disable|enable]
set verify-header [disable|enable]
set log-call-summary [disable|enable]
set log-violations [disable|enable]
set max-calls {integer}
end
config msrp
Description: MSRP.
set status [disable|enable]
set log-violations [disable|enable]
set max-msg-size {integer}
set max-msg-size-action [pass|block|...]
end
next
end
config voip profile
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
feature-set |
Flow or proxy inspection feature set. |
option |
- |
proxy |
||||||
|
|
|||||||||
comment |
Comment. |
var-string |
Maximum length: 255 |
|
config sip
Parameter |
Description |
Type |
Size |
Default |
||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable SIP. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
rtp |
Enable/disable create pinholes for RTP traffic to traverse firewall. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
nat-port-range |
RTP NAT port range. |
user |
Not Specified |
5117-65533 |
||||||||||||
open-register-pinhole |
Enable/disable open pinhole for REGISTER Contact port. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
open-contact-pinhole |
Enable/disable open pinhole for non-REGISTER Contact port. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
strict-register |
Enable/disable only allow the registrar to connect. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
register-rate |
REGISTER request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
register-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
invite-rate |
INVITE request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
invite-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
max-dialogs |
Maximum number of concurrent calls/dialogs (per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
max-line-length |
Maximum SIP header line length . |
integer |
Minimum value: 78 Maximum value: 4096 |
998 |
||||||||||||
block-long-lines |
Enable/disable block requests with headers exceeding max-line-length. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
block-unknown |
Block unrecognized SIP requests . |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
call-keepalive |
Continue tracking calls with no RTP for this many minutes. |
integer |
Minimum value: 0 Maximum value: 10080 |
0 |
||||||||||||
block-ack |
Enable/disable block ACK requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-bye |
Enable/disable block BYE requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-cancel |
Enable/disable block CANCEL requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-info |
Enable/disable block INFO requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-invite |
Enable/disable block INVITE requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-message |
Enable/disable block MESSAGE requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-notify |
Enable/disable block NOTIFY requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-options |
Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-prack |
Enable/disable block prack requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-publish |
Enable/disable block PUBLISH requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-refer |
Enable/disable block REFER requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-register |
Enable/disable block REGISTER requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-subscribe |
Enable/disable block SUBSCRIBE requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
block-update |
Enable/disable block UPDATE requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
register-contact-trace |
Enable/disable trace original IP/port within the contact header of REGISTER requests. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
open-via-pinhole |
Enable/disable open pinhole for Via port. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
open-record-route-pinhole |
Enable/disable open pinhole for Record-Route port. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
rfc2543-branch |
Enable/disable support via branch compliant with RFC 2543. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
log-violations |
Enable/disable logging of SIP violations. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
log-call-summary |
Enable/disable logging of SIP call summary. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
nat-trace |
Enable/disable preservation of original IP in SDP i line. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
subscribe-rate |
SUBSCRIBE request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
subscribe-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
message-rate |
MESSAGE request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
message-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
notify-rate |
NOTIFY request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
notify-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
refer-rate |
REFER request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
refer-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
update-rate |
UPDATE request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
update-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
options-rate |
OPTIONS request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
options-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
ack-rate |
ACK request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
ack-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
prack-rate |
PRACK request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
prack-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
info-rate |
INFO request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
info-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
publish-rate |
PUBLISH request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
publish-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
bye-rate |
BYE request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
bye-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
cancel-rate |
CANCEL request rate limit (per second, per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
cancel-rate-track |
Track the packet protocol field. |
option |
- |
none |
||||||||||||
|
|
|||||||||||||||
preserve-override |
Override i line to preserve original IPS . |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
no-sdp-fixup |
Enable/disable no SDP fix-up. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
contact-fixup |
Fixup contact anyway even if contact's IP:port doesn't match session's IP:port. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
max-idle-dialogs |
Maximum number established but idle dialogs to retain (per policy). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
block-geo-red-options |
Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
hosted-nat-traversal |
Hosted NAT Traversal (HNT). |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
hnt-restrict-source-ip |
Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. |
option |
- |
disable |
||||||||||||
|
|
|||||||||||||||
max-body-length |
Maximum SIP message body length (0 meaning no limit). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||||||
unknown-header |
Action for unknown SIP header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-request-line |
Action for malformed request line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-via |
Action for malformed VIA header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-from |
Action for malformed From header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-to |
Action for malformed To header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-call-id |
Action for malformed Call-ID header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-cseq |
Action for malformed CSeq header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-rack |
Action for malformed RAck header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-rseq |
Action for malformed RSeq header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-contact |
Action for malformed Contact header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-record-route |
Action for malformed Record-Route header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-route |
Action for malformed Route header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-expires |
Action for malformed Expires header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-content-type |
Action for malformed Content-Type header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-content-length |
Action for malformed Content-Length header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-max-forwards |
Action for malformed Max-Forwards header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-allow |
Action for malformed Allow header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-p-asserted-identity |
Action for malformed P-Asserted-Identity header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-no-require |
Action for malformed SIP messages without Require header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-no-proxy-require |
Action for malformed SIP messages without Proxy-Require header. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-v |
Action for malformed SDP v line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-o |
Action for malformed SDP o line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-s |
Action for malformed SDP s line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-i |
Action for malformed SDP i line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-c |
Action for malformed SDP c line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-b |
Action for malformed SDP b line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-z |
Action for malformed SDP z line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-k |
Action for malformed SDP k line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-a |
Action for malformed SDP a line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-t |
Action for malformed SDP t line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-r |
Action for malformed SDP r line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
malformed-header-sdp-m |
Action for malformed SDP m line. |
option |
- |
pass |
||||||||||||
|
|
|||||||||||||||
provisional-invite-expiry-time |
Expiry time for provisional INVITE. |
integer |
Minimum value: 10 Maximum value: 3600 |
210 |
||||||||||||
ips-rtp |
Enable/disable allow IPS on RTP. |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
ssl-mode |
SSL/TLS mode for encryption & decryption of traffic. |
option |
- |
off |
||||||||||||
|
|
|||||||||||||||
ssl-send-empty-frags |
Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). |
option |
- |
enable |
||||||||||||
|
|
|||||||||||||||
ssl-client-renegotiation |
Allow/block client renegotiation by server. |
option |
- |
allow |
||||||||||||
|
|
|||||||||||||||
ssl-algorithm |
Relative strength of encryption algorithms accepted in negotiation. |
option |
- |
high |
||||||||||||
|
|
|||||||||||||||
ssl-pfs |
SSL Perfect Forward Secrecy. |
option |
- |
allow |
||||||||||||
|
|
|||||||||||||||
ssl-min-version |
Lowest SSL/TLS version to negotiate. |
option |
- |
tls-1.1 |
||||||||||||
|
|
|||||||||||||||
ssl-max-version |
Highest SSL/TLS version to negotiate. |
option |
- |
tls-1.3 |
||||||||||||
|
|
|||||||||||||||
ssl-client-certificate |
Name of Certificate to offer to server if requested. |
string |
Maximum length: 35 |
|
||||||||||||
ssl-server-certificate |
Name of Certificate return to the client in every SSL connection. |
string |
Maximum length: 35 |
|
||||||||||||
ssl-auth-client |
Require a client certificate and authenticate it with the peer/peergrp. |
string |
Maximum length: 35 |
|
||||||||||||
ssl-auth-server |
Authenticate the server's certificate with the peer/peergrp. |
string |
Maximum length: 35 |
|
config sccp
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable SCCP. |
option |
- |
enable |
||||||
|
|
|||||||||
block-mcast |
Enable/disable block multicast RTP connections. |
option |
- |
disable |
||||||
|
|
|||||||||
verify-header |
Enable/disable verify SCCP header content. |
option |
- |
disable |
||||||
|
|
|||||||||
log-call-summary |
Enable/disable log summary of SCCP calls. |
option |
- |
disable |
||||||
|
|
|||||||||
log-violations |
Enable/disable logging of SCCP violations. |
option |
- |
disable |
||||||
|
|
|||||||||
max-calls |
Maximum calls per minute per SCCP client (max 65535). |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
config msrp
Parameter |
Description |
Type |
Size |
Default |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable MSRP. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
log-violations |
Enable/disable logging of MSRP violations. |
option |
- |
enable |
||||||||||
|
|
|||||||||||||
max-msg-size |
Maximum allowable MSRP message size . |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
||||||||||
max-msg-size-action |
Action for violation of max-msg-size. |
option |
- |
pass |
||||||||||
|
|