Enable MGCP ALG
|
Enables or disables the MGCP ALG.
|
Click the check box.
|
Inactive Media Timeout
|
Specifies the maximum length of time (in seconds) a call can
remain active without any media (RTP or RTCP) traffic within a group.
Each time an RTP or RTCP packet occurs within a call, this timeout
resets. When the period of inactivity exceeds this setting, the temporary
openings (pinholes) in the firewall SIP ALG opened for media are closed.
The default setting is 120 seconds, the range is from 10 to 2550 seconds.
Note that upon timeout, while resources for media (sessions and pinholes)
are removed, the call is not terminated.
|
Select a value between 10 and 2,550 seconds.
|
Maximum Call Duration
|
Sets the absolute maximum length of a call. When a call exceeds
this parameter setting, the SIP ALG tears down the call and releases
the media sessions. The default setting is 720 minutes, the range
is from 3 to 7200 minutes.
|
Select a value between 3 and 7,200 minutes.
|
Transaction Timeout
|
Specifies a timeout value for MGCP transactions. A transaction
is a signalling message, for example, a NTFY from the gateway to the
call agent or a 200 OK from the call agent to the gateway. The Juniper
Networks device tracks these transactions, and clears them when they
time out.
|
Enter a value from 3 to 50 seconds.
|
Connection Flood Threshold
|
Limits the number of new connection requests allowed per Media
Gateway (MG) per second. Messages exceeding the ALG.
|
Enter a value from 2 to 10,000.
|
Message Flood Threshold
|
Limits the rate per second at which message requests to the
Media Gateway are processed. Messages exceeding the threshold are
dropped by the Media Gateway Control Protocol (MGCP) Application Layer
Gateway (ALG). This feature is disabled by default.
|
Enter a value from 2 to 50,000 seconds per media gateway.
|
Permit NAT Applied Unknown Message
|
Specifies how unidentified SIP messages are handled by the Juniper
Networks device. The default is to drop unknown (unsupported) messages.
Permitting unknown messages can compromise security and is not recommended.
However, in a secure test or production environment, this statement
can be useful for resolving interoperability issues with disparate
vendor equipment. By permitting unknown SIP (unsupported) messages,
you can get your network operational and later analyze your VoIP traffic
to determine why some messages were being dropped.
This statement applies only to received packets identified as
supported VoIP packets. If a packet cannot be identified, it is always
dropped. If a packet is identified as a supported protocol, the message
is forwarded without processing.
|
Click the check box.
|
Permit Routed Unknown Message
|
Specifies that unknown messages be allowed to pass if the session
is in Route mode. (Sessions in Transparent mode are treated as Route
mode.)
|
Click the check box.
|
Attack Protection
|
Protects servers against INVITE attacks. Configure the SIP application
screen to protect the server at some or all destination IP addresses
against INVITE attacks. You can include up to 16 destination IP addresses
of servers to be protected.
|
Select None, All or, if you select Destination
IP, enter or select an IP address.
|
