Managing The Application Level Gateway For Sip Sessions - NETGEAR SRX5308 - ProSafe® Quad WAN Gigabit SSL VPN Firewall Reference Manual

ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Table 4-5. Session Limit Settings (continued)
Setting
User Limit
Total Number of
Packets Dropped due
to Session Limit
Session Timeout
TCP Timeout
UDP Timeout
ICMP Timeout
5. Click Apply to save your settings.

Managing the Application Level Gateway for SIP Sessions

The application level gateway (ALG) facilitates multimedia sessions such as voice over IP (VoIP)
sessions that use the Session Initiation Protocol (SIP) across the firewall and provides support for
multiple SIP clients. ALG support for SIP is disabled by default.
To enable ALG for SIP:
1. Select Security > Firewall from the menu. The Firewall submenu tabs display.
2. Click the Advanced submenu tab. The Advanced screen displays (see
4-31).
4-30
Description (or Subfield and Description)
Enter a number to indicate the user limit.
If the User Limit Parameter is set to Percentage of Max Sessions, the number
specifies the maximum number of sessions that are allowed from a single-
source device as a percentage of the total session connection capacity of the
VPN firewall. (The session limit is per-device based.)
If the User Limit Parameter is set to Number of Sessions, the number specifies
an absolute value.
Note: Some protocols such as FTP and RSTP create two sessions per
connection, which should be considered when configuring a session limit.
This is a nonconfigurable counter that displays the total number of dropped
packets when the session limit is reached.
For each protocol, specify a timeout in seconds. A session expires if no data for
the session is received for the duration of the timeout period. The default
timeout periods are 1200 seconds for TCP sessions, 180 seconds for UDP
sessions, and 8 seconds for ICMP sessions.
v1.0, April 2010
Figure 4-18 on page
Firewall Protection