SIP support
Configuring SIP
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
435
•
Blocking SIP requests
Since SIP requests can be transmitted via UDP, broadcast attacks are possible. To
prevent your site from being used as an intermediary in an attack, you can block various
SIP requests including ACK, INVITE, INFO, PRACK, and so on directed to broadcast
addresses at your router.
For example, you can type the following commands to block INVITE requests:
config application list
edit <list_name>
config entries
edit 12
set block-invite enable
end
end
Archiving SIP communication
You can content archive SIP call metadata. Depending on your log configuration, you can
view the archived information. For more information, see
From the CLI, type the following commands:
config application list
edit <list_name>
config entries
edit 12
set sip-archive-summary enable
end
end
Preserving NAT IP
In NAT operation mode, you can preserve the original source IP address in the SDP i line.
This allows the SIP server to parse this IP for billing purposes.
From the CLI, type the following commands:
config application list
edit <list_name>
config entries
edit 12
set nat-trace enable
end
end
In addition, you can overwrite or append the SDP i line:
config application list
edit <list_name>
config entries
edit 12
set preserve-override {enable | disable}
end
end
where selecting enable removes the original source IP address from the SDP i line and
disable appends the address.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...