MGCP Configuration

MGCP Enable indicates status of the MGCP ALG. Check or uncheck and click Apply to enable or disable the MGCP ALG.

Application Screen

Use this section to configure the security device to screen for unknown MGCP message types. Click Apply after making your selection.

Allow Unknown Message

Use this section to specify how unidentified MGCP messages are handled by the security device. The default is to drop unknown messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this command can be useful for resolving interoperability issues with disparate vendor equipment. For example, the security device rejects SIP messages containing unsupported SIP “methods.” By permitting unknown SIP messages in this case, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.

Note that this command applies only to received packets identified as supported VoIP protocol packets. If a packet cannot be identified, it is always dropped. If you allow unknown messges and a packet is identified as a supported protocol, the message is forwarded without processing.

• NAT specifies that unknown messages be allowed to pass if the session is in NAT mode.

• Route specifies that unknown messages be allowed to pass if the session is in route mode. (Sessions in transparent mode are treated as route mode.)

Connections Flood (per Gateway) specifies the threshold for connections per second, limiting the rate of processing CreateConnection requests from the call agent and thereby constraining pinhole creation. CreateConnection requests that exceed this threshold are dropped. Disabled by default. When enabled, default threshold value is 200 connections; minimum is 10, maximum is 1000.

Message Flood Threshold specifies the rate in seconds beyond which messages arriving on an MGCP session are dropped. Disabled by default. When enabled, default is 1000 messages; minimum is 50, maximum is 500.

Timeout & Interval

A call can have one or more voice channels. Each voice channel has two sessions (or media streams), one for RTP and one for RTCP. When managing the sessions, the security device considers the sessions in each voice channel as one group. Timeout settings apply to a group, as opposed to each session.

To set MGCP timeouts, enter values for the following and click Apply:

Inactivity Media Timeout: specifies how long pinholes and sessions opened for media are kept alive in the absence of activity. The default is 120 seconds.

Max Call Duration: specifies the maximum number of minutes (the default is 720) established calls are kept alive. The minimum is 3, maximum is 1440.

Transaction Timeout: specifies the time in seconds for an MGCPtransaction.The default is 30 seconds