MGCP Security

The MGCP ALG includes the following security features:

• Denial of Service (DoS) attack protection.—the ALG performs stateful inspection at the UDP packet level, the transaction level, and at the call level. MGCP packets matching the RFC3435 message format, transaction state, and call state, are processed. All other messages are dropped.
• Security policy enforcement between gateway and gateway controller (signaling policy).
• Security policy enforcement between gateways (media policy).
• Per-gateway MGCP message flooding control. Any malfunctioning or hacked gateway will not disrupt the whole VoIP network. Combined with per-gateway flooding control, damage is contained within the impacted gateway.
• Per-gateway MGCP connection flooding control.
• Seamless switchover/failover if calls, including calls in progress, are switched to the standby firewall in case of system failure.