Created on 04-07-2010 07:24 AM Edited on 02-05-2024 09:36 AM By Stephen_G
Description
This article explains the characteristics of the two pre-defined VoIP profiles available in FortiOS 4.0 MR2.
Scope
All FortiOS users using FortiOS 4.0 MR2 and above.
Solution
In FortiOS 4.0 MR2, the new VoIP profile feature includes two pre-defined profiles for VoIP. These can be found under UTM > VoIP.
The two profiles look similar when viewed in the FortiGate GUI; the full functionality of the "default" and "strict" profiles is only visible in their CLI settings.
Default
This is the most commonly used VoIP profile. This profile enables both SIP and SCCP and places the minimum restrictions on what calls will be allowed to negotiate. This profile allows normal SCCP, SIP and RTP sessions and applies the following security settings:
block-long-lines to block SIP messages with lines that exceed maximum line lengths.
block-unknown to block unrecognized SIP request messages.
log-call-summary to write log messages that record SIP call progress (similar to DLP archiving).
nat-trace (see “NAT with IP address conservation” feature).
contact-fixup to fix errors in the SIP contact header line that can cause problems for SIP NAT.
Strict
This profile is available for users who want to validate SIP messages and to only allow SIP sessions that are compliant with RFC 3261.
In addition to the settings in the default VoIP profile, the strict profile sets all SIP deep message inspection header checking to block and drop SIP messages that contain malformed SIP or SDP lines that can be detected by the Application Layer Gateway.
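The kind of checks that block-long-lines, block-unknown and strict header validation describe, sketched in Python as an added example (this is not Fortinet's ALG code). The 998-character limit, the list of known methods, the small subset of strict checks and the name inspect_sip_request are assumptions made for illustration.

```python
import re

MAX_LINE_LEN = 998  # assumed limit; the page does not give the ALG's value
KNOWN_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER",  # RFC 3261
                 "INFO", "PRACK", "SUBSCRIBE", "NOTIFY", "UPDATE",         # assumed
                 "MESSAGE", "REFER", "PUBLISH"}                            # extensions
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ SIP/2\.0$")
CSEQ = re.compile(r"^(\d+) ([A-Z]+)$")


def inspect_sip_request(raw: bytes, strict: bool = False) -> list:
    """Return the reasons a SIP request would be blocked; empty list means pass.

    strict=True adds a small subset of header validation (no folded headers).
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0]
    reasons = []
    if any(len(line) > MAX_LINE_LEN for line in lines):
        reasons.append("block-long-lines")
    if method not in KNOWN_METHODS:
        reasons.append("block-unknown")
    if not strict:
        return reasons
    if not REQUEST_LINE.match(lines[0]):
        reasons.append("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            reasons.append("malformed header line")
        else:
            headers[name.strip().lower()] = value.strip()
    cseq = CSEQ.match(headers.get("cseq", ""))
    if not cseq or cseq.group(2) != method:
        reasons.append("malformed CSeq")
    if not headers.get("content-length", "0").isdigit():
        reasons.append("malformed Content-Length")
    return reasons

# Constructed sample messages (not captured traffic).
GOOD = (b"INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n"
        b"CSeq: 1 INVITE\r\nContent-Length: 0\r\n\r\n")
UNKNOWN = GOOD.replace(b"INVITE", b"FROBNICATE")
LONG = GOOD.replace(b"Via:", b"Via: " + b"A" * 1200 + b";")
BAD_CSEQ = GOOD.replace(b"CSeq: 1 INVITE", b"CSeq: one INVITE")

if __name__ == "__main__":
    for name, msg in [("good", GOOD), ("unknown", UNKNOWN), ("long", LONG), ("bad_cseq", BAD_CSEQ)]:
        print(name, inspect_sip_request(msg), inspect_sip_request(msg, strict=True))
```

The BAD_CSEQ sample passes the default-style checks and is rejected only with strict=True, which mirrors the difference between the two profiles described above.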