SIP

SIP protocol inspection analyzes the protocol and dynamically authorizes secondary connections. Connections are scanned line by line; a line must be complete before it can be scanned. Each line containing a header is checked according to the state of the automaton.

  • Verification of the SIP version and the operation, validation of the URI that must be encoded in UTF-8.

  • For requests and responses:

    Line-by-line analysis of the header: validation of the header fields and the extraction of information (e.g. name of the caller and callee), protection from attacks (encoding, buffer overflow, presence and order of mandatory fields, line format, etc.).

    Analysis and validation of data presented in the SDP (encoding, buffer overflow, RFC compliance, presence and order of mandatory fields, line format, etc.).

  • For responses (in addition to the earlier checks): overall consistency of the response with the request.

    The audit feature includes a session group identifier that makes it possible to locate all connections by conversation, by name of caller and callee and by type of medium used (audio, video, application, data, control, etc.).

Automatically detect and inspect the protocol: If the protocol has been enabled, inspection is automatically applied to any corresponding traffic that is discovered and allowed by the filter.

SIP commands

Allowed SIP commands

Add: Inserts a command in the list of additional commands that require authorization.
Delete: Select the command to remove from the list and click on Delete.

Prohibited SIP commands

Add: Inserts a command to the list of additional prohibited commands.
Delete: Select the command to remove from the list and click on Delete.

Maximum size of elements (bytes)

SIP request [64-4096]: Maximum size of the request and the response. Used to guard against memory overflow.
SIP header [64-4096]: Maximum size of the header. Used to guard against memory overflow.
SDP protocol [64-604800]: Maximum size of an SDP line. Used to guard against memory overflow.
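
The checks described above (UTF-8 validation, SIP version, authorized commands, mandatory headers and the three size limits) can be sketched as follows. This is an added example, not the product's own code: the limit values, the mandatory-header set, the function name inspect_request and the sample message are assumptions, and compact header names and SDP field order are not handled.

```python
import re

# Assumed demo values inside the ranges the settings allow (bytes).
MAX_REQUEST, MAX_HEADER, MAX_SDP_LINE = 2048, 1024, 512
BASE_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}
MANDATORY = ("via", "from", "to", "call-id", "cseq")  # assumed mandatory set
REQ_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")
SDP_LINE = re.compile(r"^[a-z]=.+$")

def inspect_request(raw, allowed=(), prohibited=()):
    """Return a list of alarm strings; an empty list means the request passed."""
    try:
        text = raw.decode("utf-8")  # the URI must be valid UTF-8
    except UnicodeDecodeError:
        return ["invalid UTF-8 encoding"]
    head, _, body = text.partition("\r\n\r\n")
    start, *headers = head.split("\r\n")
    alarms = []
    if len(start.encode()) > MAX_REQUEST:
        alarms.append("request line too long")
    m = REQ_LINE.match(start)
    if not m:
        return alarms + ["bad request line or SIP version"]
    method = m.group(1)
    if method in prohibited or method not in BASE_METHODS | set(allowed):
        alarms.append(f"method {method} not authorized")
    seen = set()
    for line in headers:
        name, sep, _ = line.partition(":")
        if len(line.encode()) > MAX_HEADER:
            alarms.append("header too long")
        elif not sep or not name.strip():
            alarms.append("malformed header line")
        else:
            seen.add(name.strip().lower())
    alarms += [f"missing {h} header" for h in MANDATORY if h not in seen]
    for line in filter(None, body.split("\r\n")):
        if len(line.encode()) > MAX_SDP_LINE:
            alarms.append("SDP line too long")
        elif not SDP_LINE.match(line):
            alarms.append("malformed SDP line")
    return alarms

# Constructed sample request, not captured traffic.
SAMPLE = ("INVITE sip:bob@example.com SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5060\r\n"
          "From: <sip:alice@example.com>\r\nTo: <sip:bob@example.com>\r\n"
          "Call-ID: a84b4c76e66710\r\nCSeq: 1 INVITE\r\n\r\n"
          "v=0\r\nm=audio 49170 RTP/AVP 0\r\n").encode()
```

An extension method such as MESSAGE is rejected until it is passed in the allowed list, and a method in the prohibited list is rejected even if it is a base method.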

SIP session parameters

Max no. of pending requests [1-512]: Maximum number of requests without responses in a single SIP session.
Session timeout (seconds) [60-604800]: Duration of a SIP session in seconds.
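
An added example (not the product's own code) of how a pending-request limit and a session timeout can be enforced together with the response-to-request consistency check mentioned earlier. The class and method names are hypothetical, sessions are keyed by Call-ID, and the timeout is treated as an idle timeout, which is an assumption.

```python
import time

class SessionTable:
    """Per-session (Call-ID) state: requests still waiting for a final response."""

    def __init__(self, max_pending=16, timeout=3600, clock=time.monotonic):
        self.max_pending, self.timeout, self.clock = max_pending, timeout, clock
        self.sessions = {}  # call_id -> {"pending": {(cseq, method)}, "seen": time}

    def _live(self, call_id):
        """Return the session if it exists and has not timed out, else None."""
        s = self.sessions.get(call_id)
        if s is not None and self.clock() - s["seen"] > self.timeout:
            del self.sessions[call_id]  # expired: forget its pending requests
            s = None
        return s

    def on_request(self, call_id, cseq, method):
        s = self._live(call_id)
        if s is None:
            s = self.sessions[call_id] = {"pending": set(), "seen": 0.0}
        s["seen"] = self.clock()
        if method == "ACK":  # ACK is never answered, so it is not counted
            return "pass"
        if len(s["pending"]) >= self.max_pending:
            return "block: too many pending requests"
        s["pending"].add((cseq, method))
        return "pass"

    def on_response(self, call_id, cseq, method, status):
        # cseq and method come from the response's CSeq header.
        s = self._live(call_id)
        if s is None or (cseq, method) not in s["pending"]:
            return "block: response matches no pending request"
        s["seen"] = self.clock()
        if status >= 200:  # 1xx responses leave the request pending
            s["pending"].discard((cseq, method))
        return "pass"
```

A response never creates session state here, so unsolicited responses cannot fill the table.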

SIP protocol extensions

Enable extension INFO (RFC2976): The INFO extension allows exchanging information during a call in progress.

EXAMPLE
The strength of a peer’s Wi-Fi signal.

Select this option to enable the extension.
Enable extension PRACK (RFC3262): Two types of responses are defined by SIP: temporary (provisional) and permanent (final).
The PRACK extension provides a reliable acknowledgement mechanism and guarantees in-order delivery of temporary responses in SIP.
Select this option to enable the extension.
Enable extensions SUBSCRIBE, NOTIFY (RFC3265): The SIP protocol includes a standardized mechanism that allows any client (a VoIP telephone being an example of a SIP client) to monitor the status of another device.
If client Device A wants to be informed of changes to the status of Device B, it will send a SUBSCRIBE request directly to Device B or to a server that indicates Device B’s status. If the SUBSCRIBE request is successful, every time Device B’s status changes, Device A will receive a SIP NOTIFY message indicating the change in status or providing information about the event.
When one device subscribes to another, it will be informed when an event occurs.

EXAMPLE
A contact that it is looking for coming online.

Select this option to enable the extension.
Enable extension UPDATE (RFC3311): The UPDATE extension allows a client to update session parameters, such as the media streams and their codecs, even before the session has been set up.
Select this option to enable the extension.
Enable extension MESSAGE (RFC3428): The MESSAGE extension is an extension of the SIP protocol, allowing the transfer of instant messages.
Since the MESSAGE request is an extension of SIP, it inherits all the security and progress features included in this protocol. The contents of MESSAGE requests are in MIME format.
Select this option to enable the extension.
Enable extension REFER (RFC3515): The REFER extension is used in particular for the transfer or redirection of calls. If Peer A tries to contact Peer B who is not available, A will be redirected to Peer C, who will act as B’s “referrer”.
Select this option to enable the extension.
Enable extension PUBLISH (RFC3903): The PUBLISH extension allows publishing the status of events to a recipient.
Select this option to enable the extension.
Enable support for PINT protocol: This extension allows SIP telephones to coexist with non-IP services (fax, etc.).
Select this option to enable the extension.
Enable support for Microsoft Messenger (MSN): This option enables support for Microsoft Windows Messenger.

Support

Disable intrusion prevention: When this option is selected, the scan of the SIP protocol will be disabled and traffic will be authorized if the filter policy allows it.
Log every SIP query: Enables or disables the logging of SIP requests.