Sessions and Media
Here, settings are made for the SIP sessions negotiated via the firewall. Most settings on this page regard the session media streams.
Session configuration
Maximum number of media streams per SIP session
Enter the number of media streams a single SIP session can handle. This restriction is primarily made for preventing DOS attacks.
Maximum number of concurrent sessions
Enter the number of concurrent SIP sessions which the firewall should handle. If the field is left empty, no upper limit is set.
Session timer
Enter the maximum time for a SIP initiated connection. When the timeout is reached, the firewall discards the media streams. The clients won't notice, as the connection is still active, but you won't hear anything as no media streams are let through. To avoid this, clients can regularly ask for new timeouts.
Limitation of sender of media streams
The firewall usually locks a media stream to the first sender IP address and port (for security reasons). Some SIP clients change ports during the first media stream packets, which will block the media stream from being let through the firewall. There are also scenarios where the media stream sender is changed to an entirely new sender.
You can select for the firewall to Lock to the first sender, which will render the behaviour described above. Allow multiple concurrent senders lets the media stream through even if ports and/or IP addresses change.
SIP media port range
State a port interval which the firewall should use for SIP media streams. You can use any high ports except 4500 (reserved for NAT-T), 57000-58023 (reserved for FTP relays), 61000-65096 (reserved for NAT) and 65097-65200 (reserved for RADIUS).
Ports
Enter the lower and upper limit of the port range that the firewall should use for media streams. The upper limit must be at least as high as the lower limit.
Save
Saves the Sessions and Media configuration to the preliminary configuration.
Undo
Reverts all of the above fields to their previous configuration.