Configuring Mgcp Settings - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide

Configuring MGCP Settings

118
To configure Media Gateway Control Protocol (MGCP), use the MGCP Settings option.
MGCP is a text-based, Application Layer protocol that can be used for call setup and call
control. The protocol is based on a master/slave call control architecture: the media
gateway controller (call agent) maintains call control intelligence, and media gateways
carry out the instructions from the call agent.
Setting MGCP Inactivity Timeouts
You can configure the following types of inactivity timeouts that determine the lifetime
of a group:
Inactive Media Timeout in seconds—This parameter indicates the range a call can
remain inactive without any MGCP traffic. Each time an MGCP message occurs within
a call, this timeout resets. If the timeout value is reached, the security device removes
all sessions for this call from its table, thus terminating the call. The default setting is
120 seconds and the range of values is 10 to 255 seconds.
Transaction Timeout in seconds—This parameter indicates the range of time a call
can remain inactive between the gateway and the certificate authority (CA). If the
timeout value is reached, the security device removes all sessions for this call from its
table, thus terminating the call. The default setting is 30 seconds and the available
values range from 5 to 50 seconds.
Maximum call duration in minutes—This parameter indicates the maximum length of
time a call can remain inactive between the gateway and the certificate authority (CA).
The call is cleared if the transaction times out. The default is 720 minutes.
As a firewall, it might be necessary to parse all messages strictly and drop the unidentified
messages. However, the following options are available to pass messages that cannot
be decoded by the device in either Route mode or NAT mode:
Pass unidentified MGCP message in route mode
Pass unidentified MGCP message in NAT mode
Configuring MGCP Firewall Features
The MGCP firewall features allow you to enable flood protection to and from the gateway.
Connection Flood Protection to/from Gateway—Control pinhole connections by setting
a limit to the rate of CRCX command processing. CRCX commands that exceed the
limit are dropped. The range is 1 to 65,535 and the default is 1,000.
Message Flood Protection to/from Gateway—Messages are dropped if they arrive at
a rate (in seconds) higher than the configured rate. The range is 1 to 200 and the default
is 200 seconds.
For more information about configuring MGCP on security devices, see the "Fundamentals"
volume in the Concepts & Examples ScreenOS Reference Guide.
Copyright © 2010, Juniper Networks, Inc.