Session Inactivity Timeout In Screenos Devices Overview - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Configuring ScreenOS Devices Guide
Table 72: Information for Pinhole Creation (continued)
Field
Destination port
Lifetime
Related
Documentation

Session Inactivity Timeout in ScreenOS Devices Overview

Related
Documentation
290
Description
The parser extracts the destination port number for RTP from the m= field in the media level
and calculates the destination port number for RTCP using the following formula:
RTP port number + one
This value indicates the length of time (in seconds) during which a pinhole is open to allow a
packet through. A packet must go through the pinhole before the lifetime expires. When the
lifetime expires, the SIP ALG removes the pinhole. When a packet goes through the pinhole
within the lifetime period, immediately afterwards the SIP ALG removes the pinhole for the
direction from which the packet came.
SIP ALG Overview on page 281
ALG Overview on page 286
Session Inactivity Timeout in ScreenOS Devices Overview on page 290
Typically a call ends when one of the clients sends a BYE or CANCEL request. The SIP
ALG intercepts the BYE or CANCEL request and removes all media sessions for that call.
There could be reasons or problems preventing clients in a call from sending BYE or
CANCEL requests, for example, a power failure. In this case, the call might go on
indefinitely, consuming resources on the security device. The inactivity-timeout feature
helps the security device to monitor the liveliness of the call and terminate it if there is
no activity for a specific period of time.
A call can have one or more voice channels. Each voice channel has two sessions (or two
media streams), one for RTP and one for RTCP. When managing the sessions, the security
device considers the sessions in each voice channel as one group. Settings such as the
inactivity timeout apply to a group as opposed to each session.
Signaling-inactivity timeout— This parameter indicates the maximum length of time
(in seconds) a call can remain active without any SIP-signaling traffic. Each time a
SIP-signaling message occurs within a call, this timeout resets. The default setting is
43,200 seconds (12 hours).
Media-inactivity timeout— This parameter indicates the maximum length of time (in
seconds) a call can remain active without any media (RTP or RTCP) traffic within a
group. Each time an RTP or RTCP packet occurs within a call, this timeout resets. The
default setting is 120 seconds.
If either of these timeouts expires, the security device removes all sessions for this call
from its table, thus terminating the call.
SIP ALG Overview on page 281
SIP Request Methods Supported in ScreenOS Devices on page 282
Copyright © 2010, Juniper Networks, Inc.