H.225 Analysis Configuration - Enterasys Intrusion Prevention System Manual

Configuring the Protocol Analysis Module
b. Select the direction of the traffic to be analyzed and click OK.
9. To add a Port Macro to the port list, click Add PortMacro. The Port Macro Selection dialog
box is displayed. Select the desired macro and click OK.
10. Click Commit to add your changes to the policy being configured.

H.225 Analysis Configuration

H.225 is the ITU-T's call signaling protocol that can be used in session establishment for Voice over
IP (VoIP). The H.225 protocol analyzer verifies that a legal message type is used, as defined in the
ITU-T H.225 specification. The protocol analyzer also verifies that the H.225 message contains all
of the mandatory IEs (Information Elements) and that any optional IEs used are legitimate. The
format for each IE is checked to be correct and that the values of each field is within the proper
range where applicable. Also, the H.225 Analyzer verifies that the User-User IE which is packed
using PER (Packed Encoding Rules) uses the correct protocol identifier. If any of these conditions
fail, then the H.225 protocol decoder raises an event [H225:INVALID-MESSAGE].
Analysis of this protocol is disabled by default because not all infrastructures support VoIP.
2-58 Creating Network Sensor Policies
Note: To display existing port macros and their definitions, or to add a new macro, click Default
Network Sensor Settings in the Network Policies tab of the Network Policy View. See
"Configuring Port Macros" on page 1-14 for information about creating or editing port macros.
Note: If the H.225 messages are encrypted, then the protocol decoder will generate an event for
every message.