Enabling SIP Logging; Enabling Advanced SIP Features in an Application List - Fortinet FortiGate Series Administration Manual


Configuring SIP
Setting SIP rate limiting from the CLI
More about rate limiting

Enabling SIP logging

Enabling advanced SIP features in an application list

Use the following command to enable SIP support in an application list and configure SIP rate limiting:

    config application list
        edit <list_name>
            config entries
                edit 1
                    set category voip
                    set application SIP
                    set register-rate 100
                    set invite-rate 30
            end
    end

FortiGate units support rate limiting for the following types of VoIP traffic:
- Session Initiation Protocol (SIP)
- Skinny Call Control Protocol (SCCP)
- Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE)
You can use rate limiting of these VoIP protocols to protect the FortiGate unit and your
network from SIP and SCCP Denial of Service (DoS) attacks. Rate limiting protects
against SIP DoS attacks by limiting the number of SIP REGISTER and INVITE requests
that the FortiGate unit receives per second. Rate limiting protects against SCCP DoS
attacks by limiting the number of SCCP call setup messages that the FortiGate unit
receives per minute.
When VoIP rate limiting is enabled, if the FortiGate unit receives more messages per
second (or minute) than the configured rate, the extra messages are dropped.
If you are experiencing denial of service attacks from traffic using these VoIP protocols,
you can enable VoIP rate limiting and limit the rates for your network. Limit the rates
depending on the amount of SIP and SCCP traffic that you expect the FortiGate unit to be
handling. You can adjust the settings if some calls are lost or if the amount of SIP or
SCCP traffic is affecting FortiGate unit performance.
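
The following script is an added example, not part of the Fortinet manual. It takes a constructed sample of timestamped SIP request lines, computes the peak per-second REGISTER and INVITE rates, and counts how many requests would exceed the register-rate and invite-rate values from the command above. The log format, the host names, and the fixed one-second counting window are assumptions; the manual does not describe how the FortiGate unit measures the rate.

```python
from collections import Counter

# Limits taken from the CLI example on this page (requests per second).
LIMITS = {"REGISTER": 100, "INVITE": 30}

def parse(line):
    """Parse a constructed log line '<epoch_seconds> <SIP request line>'."""
    ts, method = line.split()[:2]
    return int(float(ts)), method.upper()

def simulate(lines, limits=LIMITS):
    """Return (peak, dropped) per rate-limited SIP method.
    Assumption: fixed one-second windows; requests above the limit
    within a window are dropped, as the text describes."""
    per_second = Counter()
    for line in lines:
        if not line.strip():
            continue
        second, method = parse(line)
        if method in limits:
            per_second[(method, second)] += 1
    peak = {m: 0 for m in limits}
    dropped = {m: 0 for m in limits}
    for (method, _), count in per_second.items():
        peak[method] = max(peak[method], count)
        dropped[method] += max(0, count - limits[method])
    return peak, dropped

def sample_traffic():
    """Constructed sample: normal load in second 1000, a burst in second 1001."""
    lines = []
    lines += [f"1000.{i:03d} REGISTER sip:pbx.example.com SIP/2.0" for i in range(40)]
    lines += [f"1000.{i:03d} INVITE sip:200@pbx.example.com SIP/2.0" for i in range(12)]
    lines += [f"1001.{i:03d} REGISTER sip:pbx.example.com SIP/2.0" for i in range(250)]
    lines += [f"1001.{i:03d} INVITE sip:200@pbx.example.com SIP/2.0" for i in range(45)]
    lines += ["1001.500 OPTIONS sip:pbx.example.com SIP/2.0"]  # not rate limited here
    return lines

if __name__ == "__main__":
    peak, dropped = simulate(sample_traffic())
    for method in LIMITS:
        print(f"{method}: peak {peak[method]}/s, limit {LIMITS[method]}/s, "
              f"dropped {dropped[method]}")
```

Running the same calculation over traffic recorded during normal operation shows whether a candidate limit would drop legitimate registrations or calls before it is applied.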
From the CLI you can configure additional SIP, SCCP, as well as SIMPLE extensions. For more information, see the description of the config sip, config sccp, and config simple subcommands of the application command in the FortiGate CLI Reference.
You can also block SIMPLE sessions by enabling block login for the SIMPLE application. For more information, see "Application Control" on page 603.
You can log SIP events in a protection profile.
Go to Firewall > Protection Profile. Open an existing profile or select Create New to create a new profile. Expand Logging. Select Log VoIP Activity to log VoIP events.
For more information about enabling and configuring logging, see "Log&Report" on page 709.
You can configure advanced SIP features for an application list.

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
