config voip profile
Description: Configure VoIP profiles.
edit <name>
set comment {var-string}
config sip
Description: SIP.
set status [disable|enable]
set rtp [disable|enable]
set nat-port-range {user}
set open-register-pinhole [disable|enable]
set open-contact-pinhole [disable|enable]
set strict-register [disable|enable]
set register-rate {integer}
set invite-rate {integer}
set max-dialogs {integer}
set max-line-length {integer}
set block-long-lines [disable|enable]
set block-unknown [disable|enable]
set call-keepalive {integer}
set block-ack [disable|enable]
set block-bye [disable|enable]
set block-cancel [disable|enable]
set block-info [disable|enable]
set block-invite [disable|enable]
set block-message [disable|enable]
set block-notify [disable|enable]
set block-options [disable|enable]
set block-prack [disable|enable]
set block-publish [disable|enable]
set block-refer [disable|enable]
set block-register [disable|enable]
set block-subscribe [disable|enable]
set block-update [disable|enable]
set register-contact-trace [disable|enable]
set open-via-pinhole [disable|enable]
set open-record-route-pinhole [disable|enable]
set rfc2543-branch [disable|enable]
set log-violations [disable|enable]
set log-call-summary [disable|enable]
set nat-trace [disable|enable]
set subscribe-rate {integer}
set message-rate {integer}
set notify-rate {integer}
set refer-rate {integer}
set update-rate {integer}
set options-rate {integer}
set ack-rate {integer}
set prack-rate {integer}
set info-rate {integer}
set publish-rate {integer}
set bye-rate {integer}
set cancel-rate {integer}
set preserve-override [disable|enable]
set no-sdp-fixup [disable|enable]
set contact-fixup [disable|enable]
set max-idle-dialogs {integer}
set block-geo-red-options [disable|enable]
set hosted-nat-traversal [disable|enable]
set hnt-restrict-source-ip [disable|enable]
set max-body-length {integer}
set unknown-header [discard|pass|...]
set malformed-request-line [discard|pass|...]
set malformed-header-via [discard|pass|...]
set malformed-header-from [discard|pass|...]
set malformed-header-to [discard|pass|...]
set malformed-header-call-id [discard|pass|...]
set malformed-header-cseq [discard|pass|...]
set malformed-header-rack [discard|pass|...]
set malformed-header-rseq [discard|pass|...]
set malformed-header-contact [discard|pass|...]
set malformed-header-record-route [discard|pass|...]
set malformed-header-route [discard|pass|...]
set malformed-header-expires [discard|pass|...]
set malformed-header-content-type [discard|pass|...]
set malformed-header-content-length [discard|pass|...]
set malformed-header-max-forwards [discard|pass|...]
set malformed-header-allow [discard|pass|...]
set malformed-header-p-asserted-identity [discard|pass|...]
set malformed-header-sdp-v [discard|pass|...]
set malformed-header-sdp-o [discard|pass|...]
set malformed-header-sdp-s [discard|pass|...]
set malformed-header-sdp-i [discard|pass|...]
set malformed-header-sdp-c [discard|pass|...]
set malformed-header-sdp-b [discard|pass|...]
set malformed-header-sdp-z [discard|pass|...]
set malformed-header-sdp-k [discard|pass|...]
set malformed-header-sdp-a [discard|pass|...]
set malformed-header-sdp-t [discard|pass|...]
set malformed-header-sdp-r [discard|pass|...]
set malformed-header-sdp-m [discard|pass|...]
set provisional-invite-expiry-time {integer}
set ips-rtp [disable|enable]
set ssl-mode [off|full]
set ssl-send-empty-frags [enable|disable]
set ssl-client-renegotiation [allow|deny|...]
set ssl-algorithm [high|medium|...]
set ssl-pfs [require|deny|...]
set ssl-min-version [ssl-3.0|tls-1.0|...]
set ssl-max-version [ssl-3.0|tls-1.0|...]
set ssl-client-certificate {string}
set ssl-server-certificate {string}
set ssl-auth-client {string}
set ssl-auth-server {string}
end
config sccp
Description: SCCP.
set status [disable|enable]
set block-mcast [disable|enable]
set verify-header [disable|enable]
set log-call-summary [disable|enable]
set log-violations [disable|enable]
set max-calls {integer}
end
next
end| Parameter Name | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable SIP. disable: Disable status. enable: Enable status. |
option | - |
| rtp | Enable/disable create pinholes for RTP traffic to traverse firewall. disable: Disable status. enable: Enable status. |
option | - |
| nat-port-range | RTP NAT port range. | user | Not Specified |
| open-register-pinhole | Enable/disable open pinhole for REGISTER Contact port. disable: Disable status. enable: Enable status. |
option | - |
| open-contact-pinhole | Enable/disable open pinhole for non-REGISTER Contact port. disable: Disable status. enable: Enable status. |
option | - |
| strict-register | Enable/disable only allow the registrar to connect. disable: Disable status. enable: Enable status. |
option | - |
| register-rate | REGISTER request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| invite-rate | INVITE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-dialogs | Maximum number of concurrent calls/dialogs (per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-line-length | Maximum SIP header line length (78-4096). | integer | Minimum value: 78 Maximum value: 4096 |
| block-long-lines | Enable/disable block requests with headers exceeding max-line-length. disable: Disable status. enable: Enable status. |
option | - |
| block-unknown | Block unrecognized SIP requests (enabled by default). disable: Disable status. enable: Enable status. |
option | - |
| call-keepalive | Continue tracking calls with no RTP for this many minutes. | integer | Minimum value: 0 Maximum value: 10080 |
| block-ack | Enable/disable block ACK requests. disable: Disable status. enable: Enable status. |
option | - |
| block-bye | Enable/disable block BYE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-cancel | Enable/disable block CANCEL requests. disable: Disable status. enable: Enable status. |
option | - |
| block-info | Enable/disable block INFO requests. disable: Disable status. enable: Enable status. |
option | - |
| block-invite | Enable/disable block INVITE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-message | Enable/disable block MESSAGE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-notify | Enable/disable block NOTIFY requests. disable: Disable status. enable: Enable status. |
option | - |
| block-options | Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. disable: Disable status. enable: Enable status. |
option | - |
| block-prack | Enable/disable block prack requests. disable: Disable status. enable: Enable status. |
option | - |
| block-publish | Enable/disable block PUBLISH requests. disable: Disable status. enable: Enable status. |
option | - |
| block-refer | Enable/disable block REFER requests. disable: Disable status. enable: Enable status. |
option | - |
| block-register | Enable/disable block REGISTER requests. disable: Disable status. enable: Enable status. |
option | - |
| block-subscribe | Enable/disable block SUBSCRIBE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-update | Enable/disable block UPDATE requests. disable: Disable status. enable: Enable status. |
option | - |
| register-contact-trace | Enable/disable trace original IP/port within the contact header of REGISTER requests. disable: Disable status. enable: Enable status. |
option | - |
| open-via-pinhole | Enable/disable open pinhole for Via port. disable: Disable status. enable: Enable status. |
option | - |
| open-record-route-pinhole | Enable/disable open pinhole for Record-Route port. disable: Disable status. enable: Enable status. |
option | - |
| rfc2543-branch | Enable/disable support via branch compliant with RFC 2543. disable: Disable status. enable: Enable status. |
option | - |
| log-violations | Enable/disable logging of SIP violations. disable: Disable status. enable: Enable status. |
option | - |
| log-call-summary | Enable/disable logging of SIP call summary. disable: Disable status. enable: Enable status. |
option | - |
| nat-trace | Enable/disable preservation of original IP in SDP i line. disable: Disable status. enable: Enable status. |
option | - |
| subscribe-rate | SUBSCRIBE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| message-rate | MESSAGE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| notify-rate | NOTIFY request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| refer-rate | REFER request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| update-rate | UPDATE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| options-rate | OPTIONS request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ack-rate | ACK request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| prack-rate | PRACK request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| info-rate | INFO request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| publish-rate | PUBLISH request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| bye-rate | BYE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| cancel-rate | CANCEL request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| preserve-override | Override i line to preserve original IPS (default: append). disable: Disable status. enable: Enable status. |
option | - |
| no-sdp-fixup | Enable/disable no SDP fix-up. disable: Disable status. enable: Enable status. |
option | - |
| contact-fixup | Fixup contact anyway even if contact's IP:port doesn't match session's IP:port. disable: Disable status. enable: Enable status. |
option | - |
| max-idle-dialogs | Maximum number established but idle dialogs to retain (per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| block-geo-red-options | Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. disable: Disable status. enable: Enable status. |
option | - |
| hosted-nat-traversal | Hosted NAT Traversal (HNT). disable: Disable status. enable: Enable status. |
option | - |
| hnt-restrict-source-ip | Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. disable: Disable status. enable: Enable status. |
option | - |
| max-body-length | Maximum SIP message body length (0 meaning no limit). | integer | Minimum value: 0 Maximum value: 4294967295 |
| unknown-header | Action for unknown SIP header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-request-line | Action for malformed request line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-via | Action for malformed VIA header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-from | Action for malformed From header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-to | Action for malformed To header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-call-id | Action for malformed Call-ID header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-cseq | Action for malformed CSeq header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-rack | Action for malformed RAck header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-rseq | Action for malformed RSeq header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-contact | Action for malformed Contact header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-record-route | Action for malformed Record-Route header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-route | Action for malformed Route header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-expires | Action for malformed Expires header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-content-type | Action for malformed Content-Type header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-content-length | Action for malformed Content-Length header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-max-forwards | Action for malformed Max-Forwards header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-allow | Action for malformed Allow header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-p-asserted-identity | Action for malformed P-Asserted-Identity header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-v | Action for malformed SDP v line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-o | Action for malformed SDP o line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-s | Action for malformed SDP s line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-i | Action for malformed SDP i line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-c | Action for malformed SDP c line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-b | Action for malformed SDP b line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-z | Action for malformed SDP z line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-k | Action for malformed SDP k line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-a | Action for malformed SDP a line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-t | Action for malformed SDP t line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-r | Action for malformed SDP r line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-m | Action for malformed SDP m line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| provisional-invite-expiry-time | Expiry time for provisional INVITE (10 - 3600 sec). | integer | Minimum value: 10 Maximum value: 3600 |
| ips-rtp | Enable/disable allow IPS on RTP. disable: Disable status. enable: Enable status. |
option | - |
| ssl-mode | SSL/TLS mode for encryption & decryption of traffic. off: No SSL. full: Client to FortiGate and FortiGate to Server SSL. |
option | - |
| ssl-send-empty-frags | Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). enable: Send empty fragments. disable: Do not send empty fragments. |
option | - |
| ssl-client-renegotiation | Allow/block client renegotiation by server. allow: Allow a SSL client to renegotiate. deny: Abort any SSL connection that attempts to renegotiate. secure: Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication. |
option | - |
| ssl-algorithm | Relative strength of encryption algorithms accepted in negotiation. high: High encryption. Allow only AES and ChaCha. medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4. low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
option | - |
| ssl-pfs | SSL Perfect Forward Secrecy. require: PFS mandatory. deny: PFS rejected. allow: PFS allowed. |
option | - |
| ssl-min-version | Lowest SSL/TLS version to negotiate. ssl-3.0: SSL 3.0. tls-1.0: TLS 1.0. tls-1.1: TLS 1.1. tls-1.2: TLS 1.2. tls-1.3: TLS 1.3. |
option | - |
| ssl-max-version | Highest SSL/TLS version to negotiate. ssl-3.0: SSL 3.0. tls-1.0: TLS 1.0. tls-1.1: TLS 1.1. tls-1.2: TLS 1.2. tls-1.3: TLS 1.3. |
option | - |
| ssl-client-certificate | Name of Certificate to offer to server if requested. | string | Maximum length: 35 |
| ssl-server-certificate | Name of Certificate return to the client in every SSL connection. | string | Maximum length: 35 |
| ssl-auth-client | Require a client certificate and authenticate it with the peer/peergrp. | string | Maximum length: 35 |
| ssl-auth-server | Authenticate the server's certificate with the peer/peergrp. | string | Maximum length: 35 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable SCCP. disable: Disable status. enable: Enable status. |
option | - |
| block-mcast | Enable/disable block multicast RTP connections. disable: Disable status. enable: Enable status. |
option | - |
| verify-header | Enable/disable verify SCCP header content. disable: Disable status. enable: Enable status. |
option | - |
| log-call-summary | Enable/disable log summary of SCCP calls. disable: Disable status. enable: Enable status. |
option | - |
| log-violations | Enable/disable logging of SCCP violations. disable: Disable status. enable: Enable status. |
option | - |
| max-calls | Maximum calls per minute per SCCP client (max 65535). | integer | Minimum value: 0 Maximum value: 65535 |
config voip profile
Description: Configure VoIP profiles.
edit <name>
set comment {var-string}
config sip
Description: SIP.
set status [disable|enable]
set rtp [disable|enable]
set nat-port-range {user}
set open-register-pinhole [disable|enable]
set open-contact-pinhole [disable|enable]
set strict-register [disable|enable]
set register-rate {integer}
set invite-rate {integer}
set max-dialogs {integer}
set max-line-length {integer}
set block-long-lines [disable|enable]
set block-unknown [disable|enable]
set call-keepalive {integer}
set block-ack [disable|enable]
set block-bye [disable|enable]
set block-cancel [disable|enable]
set block-info [disable|enable]
set block-invite [disable|enable]
set block-message [disable|enable]
set block-notify [disable|enable]
set block-options [disable|enable]
set block-prack [disable|enable]
set block-publish [disable|enable]
set block-refer [disable|enable]
set block-register [disable|enable]
set block-subscribe [disable|enable]
set block-update [disable|enable]
set register-contact-trace [disable|enable]
set open-via-pinhole [disable|enable]
set open-record-route-pinhole [disable|enable]
set rfc2543-branch [disable|enable]
set log-violations [disable|enable]
set log-call-summary [disable|enable]
set nat-trace [disable|enable]
set subscribe-rate {integer}
set message-rate {integer}
set notify-rate {integer}
set refer-rate {integer}
set update-rate {integer}
set options-rate {integer}
set ack-rate {integer}
set prack-rate {integer}
set info-rate {integer}
set publish-rate {integer}
set bye-rate {integer}
set cancel-rate {integer}
set preserve-override [disable|enable]
set no-sdp-fixup [disable|enable]
set contact-fixup [disable|enable]
set max-idle-dialogs {integer}
set block-geo-red-options [disable|enable]
set hosted-nat-traversal [disable|enable]
set hnt-restrict-source-ip [disable|enable]
set max-body-length {integer}
set unknown-header [discard|pass|...]
set malformed-request-line [discard|pass|...]
set malformed-header-via [discard|pass|...]
set malformed-header-from [discard|pass|...]
set malformed-header-to [discard|pass|...]
set malformed-header-call-id [discard|pass|...]
set malformed-header-cseq [discard|pass|...]
set malformed-header-rack [discard|pass|...]
set malformed-header-rseq [discard|pass|...]
set malformed-header-contact [discard|pass|...]
set malformed-header-record-route [discard|pass|...]
set malformed-header-route [discard|pass|...]
set malformed-header-expires [discard|pass|...]
set malformed-header-content-type [discard|pass|...]
set malformed-header-content-length [discard|pass|...]
set malformed-header-max-forwards [discard|pass|...]
set malformed-header-allow [discard|pass|...]
set malformed-header-p-asserted-identity [discard|pass|...]
set malformed-header-sdp-v [discard|pass|...]
set malformed-header-sdp-o [discard|pass|...]
set malformed-header-sdp-s [discard|pass|...]
set malformed-header-sdp-i [discard|pass|...]
set malformed-header-sdp-c [discard|pass|...]
set malformed-header-sdp-b [discard|pass|...]
set malformed-header-sdp-z [discard|pass|...]
set malformed-header-sdp-k [discard|pass|...]
set malformed-header-sdp-a [discard|pass|...]
set malformed-header-sdp-t [discard|pass|...]
set malformed-header-sdp-r [discard|pass|...]
set malformed-header-sdp-m [discard|pass|...]
set provisional-invite-expiry-time {integer}
set ips-rtp [disable|enable]
set ssl-mode [off|full]
set ssl-send-empty-frags [enable|disable]
set ssl-client-renegotiation [allow|deny|...]
set ssl-algorithm [high|medium|...]
set ssl-pfs [require|deny|...]
set ssl-min-version [ssl-3.0|tls-1.0|...]
set ssl-max-version [ssl-3.0|tls-1.0|...]
set ssl-client-certificate {string}
set ssl-server-certificate {string}
set ssl-auth-client {string}
set ssl-auth-server {string}
end
config sccp
Description: SCCP.
set status [disable|enable]
set block-mcast [disable|enable]
set verify-header [disable|enable]
set log-call-summary [disable|enable]
set log-violations [disable|enable]
set max-calls {integer}
end
next
end| Parameter Name | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | var-string | Maximum length: 255 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable SIP. disable: Disable status. enable: Enable status. |
option | - |
| rtp | Enable/disable create pinholes for RTP traffic to traverse firewall. disable: Disable status. enable: Enable status. |
option | - |
| nat-port-range | RTP NAT port range. | user | Not Specified |
| open-register-pinhole | Enable/disable open pinhole for REGISTER Contact port. disable: Disable status. enable: Enable status. |
option | - |
| open-contact-pinhole | Enable/disable open pinhole for non-REGISTER Contact port. disable: Disable status. enable: Enable status. |
option | - |
| strict-register | Enable/disable only allow the registrar to connect. disable: Disable status. enable: Enable status. |
option | - |
| register-rate | REGISTER request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| invite-rate | INVITE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-dialogs | Maximum number of concurrent calls/dialogs (per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| max-line-length | Maximum SIP header line length (78-4096). | integer | Minimum value: 78 Maximum value: 4096 |
| block-long-lines | Enable/disable block requests with headers exceeding max-line-length. disable: Disable status. enable: Enable status. |
option | - |
| block-unknown | Block unrecognized SIP requests (enabled by default). disable: Disable status. enable: Enable status. |
option | - |
| call-keepalive | Continue tracking calls with no RTP for this many minutes. | integer | Minimum value: 0 Maximum value: 10080 |
| block-ack | Enable/disable block ACK requests. disable: Disable status. enable: Enable status. |
option | - |
| block-bye | Enable/disable block BYE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-cancel | Enable/disable block CANCEL requests. disable: Disable status. enable: Enable status. |
option | - |
| block-info | Enable/disable block INFO requests. disable: Disable status. enable: Enable status. |
option | - |
| block-invite | Enable/disable block INVITE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-message | Enable/disable block MESSAGE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-notify | Enable/disable block NOTIFY requests. disable: Disable status. enable: Enable status. |
option | - |
| block-options | Enable/disable block OPTIONS requests and no OPTIONS as notifying message for redundancy either. disable: Disable status. enable: Enable status. |
option | - |
| block-prack | Enable/disable block prack requests. disable: Disable status. enable: Enable status. |
option | - |
| block-publish | Enable/disable block PUBLISH requests. disable: Disable status. enable: Enable status. |
option | - |
| block-refer | Enable/disable block REFER requests. disable: Disable status. enable: Enable status. |
option | - |
| block-register | Enable/disable block REGISTER requests. disable: Disable status. enable: Enable status. |
option | - |
| block-subscribe | Enable/disable block SUBSCRIBE requests. disable: Disable status. enable: Enable status. |
option | - |
| block-update | Enable/disable block UPDATE requests. disable: Disable status. enable: Enable status. |
option | - |
| register-contact-trace | Enable/disable trace original IP/port within the contact header of REGISTER requests. disable: Disable status. enable: Enable status. |
option | - |
| open-via-pinhole | Enable/disable open pinhole for Via port. disable: Disable status. enable: Enable status. |
option | - |
| open-record-route-pinhole | Enable/disable open pinhole for Record-Route port. disable: Disable status. enable: Enable status. |
option | - |
| rfc2543-branch | Enable/disable support via branch compliant with RFC 2543. disable: Disable status. enable: Enable status. |
option | - |
| log-violations | Enable/disable logging of SIP violations. disable: Disable status. enable: Enable status. |
option | - |
| log-call-summary | Enable/disable logging of SIP call summary. disable: Disable status. enable: Enable status. |
option | - |
| nat-trace | Enable/disable preservation of original IP in SDP i line. disable: Disable status. enable: Enable status. |
option | - |
| subscribe-rate | SUBSCRIBE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| message-rate | MESSAGE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| notify-rate | NOTIFY request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| refer-rate | REFER request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| update-rate | UPDATE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| options-rate | OPTIONS request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| ack-rate | ACK request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| prack-rate | PRACK request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| info-rate | INFO request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| publish-rate | PUBLISH request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| bye-rate | BYE request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| cancel-rate | CANCEL request rate limit (per second, per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| preserve-override | Override i line to preserve original IPS (default: append). disable: Disable status. enable: Enable status. |
option | - |
| no-sdp-fixup | Enable/disable no SDP fix-up. disable: Disable status. enable: Enable status. |
option | - |
| contact-fixup | Fixup contact anyway even if contact's IP:port doesn't match session's IP:port. disable: Disable status. enable: Enable status. |
option | - |
| max-idle-dialogs | Maximum number established but idle dialogs to retain (per policy). | integer | Minimum value: 0 Maximum value: 4294967295 |
| block-geo-red-options | Enable/disable block OPTIONS requests, but OPTIONS requests still notify for redundancy. disable: Disable status. enable: Enable status. |
option | - |
| hosted-nat-traversal | Hosted NAT Traversal (HNT). disable: Disable status. enable: Enable status. |
option | - |
| hnt-restrict-source-ip | Enable/disable restrict RTP source IP to be the same as SIP source IP when HNT is enabled. disable: Disable status. enable: Enable status. |
option | - |
| max-body-length | Maximum SIP message body length (0 meaning no limit). | integer | Minimum value: 0 Maximum value: 4294967295 |
| unknown-header | Action for unknown SIP header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-request-line | Action for malformed request line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-via | Action for malformed VIA header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-from | Action for malformed From header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-to | Action for malformed To header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-call-id | Action for malformed Call-ID header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-cseq | Action for malformed CSeq header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-rack | Action for malformed RAck header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-rseq | Action for malformed RSeq header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-contact | Action for malformed Contact header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-record-route | Action for malformed Record-Route header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-route | Action for malformed Route header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-expires | Action for malformed Expires header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-content-type | Action for malformed Content-Type header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-content-length | Action for malformed Content-Length header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-max-forwards | Action for malformed Max-Forwards header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-allow | Action for malformed Allow header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-p-asserted-identity | Action for malformed P-Asserted-Identity header. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-v | Action for malformed SDP v line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-o | Action for malformed SDP o line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-s | Action for malformed SDP s line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-i | Action for malformed SDP i line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-c | Action for malformed SDP c line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-b | Action for malformed SDP b line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-z | Action for malformed SDP z line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-k | Action for malformed SDP k line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-a | Action for malformed SDP a line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-t | Action for malformed SDP t line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-r | Action for malformed SDP r line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| malformed-header-sdp-m | Action for malformed SDP m line. discard: Discard malformed messages. pass: Bypass malformed messages. respond: Respond with error code. |
option | - |
| provisional-invite-expiry-time | Expiry time for provisional INVITE (10 - 3600 sec). | integer | Minimum value: 10 Maximum value: 3600 |
| ips-rtp | Enable/disable allow IPS on RTP. disable: Disable status. enable: Enable status. |
option | - |
| ssl-mode | SSL/TLS mode for encryption & decryption of traffic. off: No SSL. full: Client to FortiGate and FortiGate to Server SSL. |
option | - |
| ssl-send-empty-frags | Send empty fragments to avoid attack on CBC IV (SSL 3.0 & TLS 1.0 only). enable: Send empty fragments. disable: Do not send empty fragments. |
option | - |
| ssl-client-renegotiation | Allow/block client renegotiation by server. allow: Allow a SSL client to renegotiate. deny: Abort any SSL connection that attempts to renegotiate. secure: Reject any SSL connection that does not offer a RFC 5746 Secure Renegotiation Indication. |
option | - |
| ssl-algorithm | Relative strength of encryption algorithms accepted in negotiation. high: High encryption. Allow only AES and ChaCha. medium: Medium encryption. Allow AES, ChaCha, 3DES, and RC4. low: Low encryption. Allow AES, ChaCha, 3DES, RC4, and DES. |
option | - |
| ssl-pfs | SSL Perfect Forward Secrecy. require: PFS mandatory. deny: PFS rejected. allow: PFS allowed. |
option | - |
| ssl-min-version | Lowest SSL/TLS version to negotiate. ssl-3.0: SSL 3.0. tls-1.0: TLS 1.0. tls-1.1: TLS 1.1. tls-1.2: TLS 1.2. tls-1.3: TLS 1.3. |
option | - |
| ssl-max-version | Highest SSL/TLS version to negotiate. ssl-3.0: SSL 3.0. tls-1.0: TLS 1.0. tls-1.1: TLS 1.1. tls-1.2: TLS 1.2. tls-1.3: TLS 1.3. |
option | - |
| ssl-client-certificate | Name of Certificate to offer to server if requested. | string | Maximum length: 35 |
| ssl-server-certificate | Name of Certificate return to the client in every SSL connection. | string | Maximum length: 35 |
| ssl-auth-client | Require a client certificate and authenticate it with the peer/peergrp. | string | Maximum length: 35 |
| ssl-auth-server | Authenticate the server's certificate with the peer/peergrp. | string | Maximum length: 35 |
| Parameter Name | Description | Type | Size |
|---|---|---|---|
| status | Enable/disable SCCP. disable: Disable status. enable: Enable status. |
option | - |
| block-mcast | Enable/disable block multicast RTP connections. disable: Disable status. enable: Enable status. |
option | - |
| verify-header | Enable/disable verify SCCP header content. disable: Disable status. enable: Enable status. |
option | - |
| log-call-summary | Enable/disable log summary of SCCP calls. disable: Disable status. enable: Enable status. |
option | - |
| log-violations | Enable/disable logging of SCCP violations. disable: Disable status. enable: Enable status. |
option | - |
| max-calls | Maximum calls per minute per SCCP client (max 65535). | integer | Minimum value: 0 Maximum value: 65535 |