pptp-ctl can be used for this purpose.
Alternatively, a new custom service object can be defined, for example called pptp_service. The
service must have the following characteristics:
i.
Select the Type (the protocol) as TCP.
ii.
The Source port range can be the default of 0-65535.
iii.
Set the Destination port to be 1723.
iv.
Select the ALG to be the PPTP ALG object that was defined in the first step. In this case, it
was called pptp_alg.
•
Associate this service object with the NAT IP rule that permits the traffic to flow from clients to
the remote endpoint of the PPTP tunnel. This may be the rule that NATs the traffic out to the
Internet with a destination network of all-nets.
The single IP rule below shows how the custom service object called pptp_service is associated
with a typical NAT rule. The clients, which are the local end point of the PPTP tunnels, are
located behind the firewall on the network lannet which is connected to the lan interface. The
Internet is found on the wan interface which is the destination interface, with all-nets as the
destination network.
Action
Src Interface
Src Network
Dest Interface
Dest Network
Service
NAT
lan
lannet
wan
all-nets
pptp_service
PPTP ALG Settings
The following settings are available for the PPTP ALG:
Name
A descriptive name for the ALG.
Echo timeout
Idle timeout for Echo messages in the PPTP tunnel.
Idle timeout
Idle timeout for user traffic messages in the PPTP tunnel.
In most cases only the name needs to be defined and the other settings can be left at their defaults.
6.2.8. The SIP ALG
Session Initiation Protocol (SIP) is an ASCII (UTF-8) text based signalling protocol used to
establish sessions between clients in an IP network. It is a request-response protocol that resembles
HTTP and SMTP. The session which SIP sets up might consist of a Voice-Over-IP (VoIP)
telephone call or it could be a collaborative multi-media conference. Using SIP with VoIP means
that telephony can become another IP application which can integrate into other services.
SIP does not know about the details of a session's content and is only responsible for initiating,
terminating and modifying sessions. Sessions set up by SIP are typically used for the streaming of
audio and video over the Internet using the RTP/RTCP protocol (which is based on UDP) but they
might also involve traffic based on the TCP protocol. A RTP/RTCP based sessions might also
involve TCP or TLS based traffic in the same session.
SIP is defined by IETF RFC 3261 and is considered an important standard for VoIP communication.
It is comparable to H.323 but a design goal with SIP was to make it more scalable than H.323. (For
VoIP see also Section 6.2.9, “The H.323 ALG”.)
6.2.8. The SIP ALG
Chapter 6. Security Mechanisms
270
Содержание DFL-1600 - Security Appliance
Страница 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Страница 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Страница 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Страница 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Страница 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Страница 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Страница 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Страница 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Страница 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Страница 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Страница 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Страница 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Страница 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Страница 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Страница 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...