Configuring SIP
SIP support
FortiGate Version 4.0 Administration Guide
432
01-400-89802-20090424
You need to configure the FortiOS SIP support in the following order:
1. Create a firewall protection profile that enables SIP (see “Enabling SIP support and setting rate limiting from the web-based manager” on page 432).
   Once the profile is included in a policy, the ALG will parse the SIP traffic and open the RTP ports for each specific VoIP call.
   When creating a protection profile, you configure SIP features using the web-based manager and CLI. You then apply the profile to a firewall policy. You can apply a profile to multiple policies.
2. Create a firewall policy that allows SIP and includes a SIP-enabled protection profile. Specifically, select the “SIP” or “Any” pre-defined service for the policy.
   When the FortiGate unit receives a SIP packet, it checks the packet against the firewall policies. If the packet matches a policy, the FortiGate firewall inspects and processes the packet according to the SIP profile applied to the policy.
   For more information about firewall policies, see .
3. Configure advanced SIP features as required (see
Configuring SIP
You can enable SIP support, set two rate limits, enable SIP logging, and view SIP
statistics using the web-based manager. You need to configure most features, however,
through the CLI.
Enabling SIP support and setting rate limiting from the web-based manager
To enable SIP support you need to:
• enable SIP in an application control list
• select this application control list in a protection profile
• add this protection profile to a firewall policy that accepts SIP traffic.
From the web-based manager, you can also configure some SIP rate limiting settings.
Rate limiting for SIP also limits SIMPLE traffic. SIP rate limiting is useful for protecting a
SIP server within a company. Most SIP servers do not have integrated controls and it is
very easy to flood SIP servers with INVITE or REGISTER requests.
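The following added example is not from the FortiGate guide and does not show how FortiOS implements rate limiting. It illustrates what per-second INVITE and REGISTER limits do to a burst of requests. The class name, limit values and sample messages are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# SIP request start line: METHOD SP Request-URI SP SIP/2.0 (RFC 3261).
REQUEST_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")

class SipRateLimiter:
    """Per-method sliding one-second window. Hypothetical class, illustrative limits."""

    def __init__(self, limits):
        self.limits = limits               # e.g. {"INVITE": 3, "REGISTER": 2} per second
        self.windows = defaultdict(deque)  # method -> timestamps of forwarded requests

    def allow(self, timestamp, message):
        """Return True to forward the message, False to drop it."""
        match = REQUEST_LINE.match(message.split("\r\n", 1)[0])
        if not match or match.group(1) not in self.limits:
            return True                    # responses and unlimited methods pass
        window = self.windows[match.group(1)]
        while window and timestamp - window[0] >= 1.0:
            window.popleft()               # forget requests older than one second
        if len(window) >= self.limits[match.group(1)]:
            return False                   # over the limit: drop
        window.append(timestamp)
        return True

def replay(limiter, capture):
    """Feed (timestamp, message) pairs to the limiter; return drops per method."""
    dropped = defaultdict(int)
    for timestamp, message in capture:
        if not limiter.allow(timestamp, message):
            dropped[message.split(" ", 1)[0]] += 1
    return dict(dropped)

def constructed_capture():
    """Constructed sample traffic: an INVITE burst, slow REGISTERs, one response."""
    invite = "INVITE sip:bob@example.com SIP/2.0\r\nCall-ID: {}@198.51.100.7\r\n\r\n"
    register = "REGISTER sip:example.com SIP/2.0\r\nCall-ID: {}@198.51.100.7\r\n\r\n"
    capture = [(0.1 * i, invite.format(i)) for i in range(10)]    # 10 INVITEs in 1 s
    capture += [(2.0 + i, register.format(i)) for i in range(3)]  # 1 REGISTER per second
    capture.append((2.5, "SIP/2.0 200 OK\r\n\r\n"))               # response, never limited
    return sorted(capture)

if __name__ == "__main__":
    print(replay(SipRateLimiter({"INVITE": 3, "REGISTER": 2}), constructed_capture()))
```

With these constructed limits, the INVITE burst is cut to three requests in its one-second window, while the one-per-second REGISTER traffic and the response pass untouched.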
To enable SIP and set rate limiting from the web-based manager
1. Go to UTM > Application Control.
2. If you want to enable SIP for an existing application control list, select the Edit icon for an application control list. Otherwise, select Create New to add a new application list.
3. Then, select Create New in the application list to add a new application to the application control list.
4. Set Application to SIP.
5. Select OK.
6. Make sure the application control list is selected in a protection profile and that the protection profile is added to a firewall policy.
For more information about application control, see “Application Control” on page 523.