H323 Configuration

H323 Enable indicates status of the H323 ALG. Check or uncheck and click Apply to enable or disable the H323 ALG.

Application Screen

Use this section to configure the security device to screen for unknown H323 message types. Click Apply after making your selection.

Allow Unknown Message

Use this section to specify how unidentified MGCP messages are handled by the security device. The default is to drop unknown messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this command can be useful for resolving inter operability issues with disparate vendor equipment. For example, the security device rejects SIP messages containing unsupported SIP “methods.” By permitting unknown SIP messages in this case, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.

Note that this command applies only to received packets identified as supported VoIP protocol packets. If a packet cannot be identified, it is always dropped. If you allow unknown messges and a packet is identified as a supported protocol, the message is forwarded without processing.

• NAT specifies that unknown messages be allowed to pass if the session is in NAT mode.

• Route specifies that unknown messages be allowed to pass if the session is in route mode. (Sessions in transparent mode are treated as route mode.)

Gate Source Port Any specifies that the security device accept calls from any port number.

Message Flood Threshold specifies the rate of processing Registration, Admission, Status (RAS) request messages. Request messages exceeding this limit are dropped.

Timeout & Interval

Incoming Table Timeout specifies the timeout value in seconds for entries in the NAT table. The default is 3600 seconds.