Rule page field descriptions

Last Updated: Dec 22, 2016

General

Name

Description

Enabled

Enable or disable the rule.

Name

The name of the SIP Firewall rule. The name can have a maximum of 80 characters.

Action Type

Specify one of the following action types for the rule:

  • None: No specific action required. Use this action when you want to only generate a log or alarm for matching SIP traffic. Rule traversal continues when a SIP packet matches a rule with the None action.

  • Permit: If the rule conditions are met, allow the SIP message to pass through the SIP Firewall. If the rule conditions are not met, the SIP message is neither affected nor dropped.

  • Drop: If the rule conditions are met, drop the SIP message.

  • Rate Block: If the packets matching the rule exceed a certain count in a certain period, block the matching SIP packets for the duration of the timeout. You define the timeout period using the Threshold parameters.

  • Rate Limit: If the packets matching the rule exceed a certain count in a certain period, drop the additional matching SIP packets for the duration of the period. You define the time period using the Threshold parameters.

Log Type

Specify if you want to generate a log, send an alarm, or take no action.

You must specify a Log Type when the Action Type is None.

Log Message

The message that will be logged when the Log Type is Yes or Alarm.

IP Layer Match Options

Name

Description

Protocol

The protocol for which the rule is to be used.

Remote IP Address

The options are:

  • Any to use the rule for all IP addresses.

  • Specify to use the rule for a specific IP address.

IP Address

The IP address if you selected Specify for Remote IP Address.

When you select Specify in the Remote IP Address field, and select Enable IPv6, the IP Address field supports both IPv4 and IPv6 addresses.

IP Address Mask

Network mask for the specified IP address. IPv6 supports a prefix mask. Valid values for the prefix mask range from 1 to 128. Values in CIDR format, such as /64, are also supported.

Remote Port

The options are:

  • Any

  • Specify a single port.

  • Specify Range for a range of ports.

Start

A single port or the start port for a range. This field appears if you select Specify or Specify Range for the Remote Port.

End

The end port for a range of ports.

Local Port

The options are:

  • Any

  • Specify a single port.

  • Specify Range for a range of ports.

Start

A single port or the start port for a range. This field appears if you select Specify or Specify Range for the Remote Port.

End

The end port for a range of ports.

SIP Layer Match Options

Button

Description

New

Create up to five SIP layer match options for the rule.

Delete

Delete the selected SIP layer match options.

Name

Description

Key Type

The key type that the rule should match. You can add up to five key type match options. Use the logical AND to create a search pattern to define more than one match option.

  • All SIP Headers: Search for the Value within all the SIP headers for the SIP packet.

  • All SIP Headers/Body: Search for the Value in the SIP headers and body portions for the SIP packet.

  • REQUEST-METHOD, RESPONSE-CODE: All the remaining entries in the Key Type list are SIP headers. This option searches for the Value within the specified SIP header only.

Value Type

Specify whether the key type is a string or a regular expression. You can create regular expressions using the Perl version 5.8 syntax.

Value

Value of the selected key type. The string does not need to be an exact match and can be a subset of the string present in the SIP header being used for the search.
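The matching behaviour described for Key Type, Value Type and Value can be modelled as follows. This is an added example, not Session Manager code. The tuple layout, the "string"/"regex" labels, case-sensitive comparison, and the use of Python's re module in place of Perl 5.8 are assumptions, and the SIP message is constructed.

```python
import re

MAX_OPTIONS = 5  # the page allows up to five match options per rule

def parse_sip(raw):
    """Return (start_line, header_lines, body) for a raw SIP message."""
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *header_lines = head.split("\r\n")
    return start_line, header_lines, body

def targets_for(key_type, raw):
    """Text regions that a Key Type is searched in (assumed mapping)."""
    start_line, header_lines, body = parse_sip(raw)
    is_response = start_line.startswith("SIP/2.0 ")
    if key_type == "All SIP Headers":
        return header_lines
    if key_type == "All SIP Headers/Body":
        return header_lines + [body]
    if key_type == "REQUEST-METHOD":
        return [] if is_response else [start_line.split(" ", 1)[0]]
    if key_type == "RESPONSE-CODE":
        return [start_line.split(" ")[1]] if is_response else []
    # Any other Key Type names one SIP header; search only that header's value.
    prefix = key_type.lower() + ":"
    return [h.split(":", 1)[1].strip() for h in header_lines
            if h.lower().startswith(prefix)]

def rule_matches(options, raw):
    """AND together (key_type, value_type, value) match options."""
    if len(options) > MAX_OPTIONS:
        raise ValueError("a rule takes at most five SIP layer match options")
    for key_type, value_type, value in options:
        regions = targets_for(key_type, raw)
        if value_type == "regex":
            hit = any(re.search(value, r) for r in regions)
        else:  # "string": a substring of the searched text is enough
            hit = any(value in r for r in regions)
        if not hit:
            return False
    return True

# Constructed REGISTER from a hypothetical extension 1001.
MSG = ("REGISTER sip:example.com SIP/2.0\r\n"
       "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK776\r\n"
       "From: <sip:1001@example.com>;tag=49583\r\n"
       "To: <sip:1001@example.com>\r\n"
       "User-Agent: ExampleDialer/1.0\r\n"
       "Content-Length: 0\r\n\r\n")
```

Because a string Value matches as a substring, a From value of 100 also matches extension 1001 in this message, while the regular expression sip:100@ does not.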

IP/SIP Layer Track

Name

Description

Track

The option for tracking SIP messages. This field appears only if you have selected either Rate Block or Rate Limit in the Action Type field, or None for the Action Type with Log Type enabled. You cannot use IP/SIP Layer Track with Permit/Drop Actions. This option provides advanced flood tracking in the SIP Firewall.

  • None: No tracking required.

  • Remote IP address: Tracks messages for a specific IP address of the remote host.

  • Local Port: Tracks messages for a specific local port.

  • From: Sender of the message.

  • To: Receiver of the message.

  • Contact: Tracks messages for a specific contact.

  • Request URI: URI of the called party.

Threshold

Name

Description

Count (packets)

Threshold for matching packets. The range is 3 to 100000. The default value is 20. You specify this value only for the Rate Block and Rate Limit Action Types.

Period (secs)

Threshold for period for matching packets. The range is 1 to 86400. The default value is 20. You specify this value only for the Rate Block and Rate Limit Action Types.

Timeout (secs)

Action timeout in seconds. The range is 30 to 36000. The default value is 900. Specify this value only for the Rate Block Action Type.
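The difference between Rate Limit and Rate Block under the same Count and Period can be seen by replaying traffic through a small model. This is an added example, not Session Manager code. It assumes a fixed counting window per Track key opened by the first matching packet (the page does not specify the windowing), and the traffic and source addresses are constructed.

```python
from collections import defaultdict

def simulate(action, arrivals, count=20, period=20, timeout=900):
    """Return "pass" or "drop" for each (time_secs, track_key) arrival.

    Assumed model: one fixed window of `period` seconds per Track key.
    Defaults and ranges are the ones listed in the Threshold fields.
    """
    if action not in ("Rate Block", "Rate Limit"):
        raise ValueError("thresholds apply only to Rate Block and Rate Limit")
    if not (3 <= count <= 100000 and 1 <= period <= 86400):
        raise ValueError("Count or Period outside the documented range")
    if action == "Rate Block" and not 30 <= timeout <= 36000:
        raise ValueError("Timeout outside the documented range")

    state = defaultdict(lambda: {"start": None, "seen": 0, "blocked_until": None})
    verdicts = []
    for t, key in arrivals:
        s = state[key]
        if s["blocked_until"] is not None and t < s["blocked_until"]:
            verdicts.append("drop")          # Rate Block timeout still running
            continue
        if s["start"] is None or t - s["start"] >= period:
            s["start"], s["seen"] = t, 0     # open a new counting window
        s["seen"] += 1
        if s["seen"] <= count:
            verdicts.append("pass")
        else:
            verdicts.append("drop")
            if action == "Rate Block":       # block this key for Timeout seconds
                s["blocked_until"], s["start"] = t + timeout, None
    return verdicts

def tally(action, arrivals, **thresholds):
    """Count (passed, dropped) per Track key."""
    totals = defaultdict(lambda: [0, 0])
    for (_, key), v in zip(arrivals, simulate(action, arrivals, **thresholds)):
        totals[key][v == "drop"] += 1
    return {k: tuple(v) for k, v in totals.items()}

# Constructed traffic: one noisy source at 1 msg/s for 60 s, one quiet source.
FLOOD = [(t, "198.51.100.7") for t in range(60)]
QUIET = [(t, "198.51.100.9") for t in (0, 20, 40)]
ARRIVALS = sorted(FLOOD + QUIET)

if __name__ == "__main__":
    for action in ("Rate Limit", "Rate Block"):
        print(action, tally(action, ARRIVALS, count=5, period=10, timeout=30))
```

With Count 5, Period 10 and Timeout 30, Rate Limit lets the noisy source through at the capped rate in every period, while Rate Block silences it for the whole timeout after the first excess packet; the quiet source is unaffected in both cases because tracking is per key.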

Connection

Name

Description

Connection Type

The connection types are:

  • Any: This is the default option. Session Manager matches the SIP Firewall rule against all incoming SIP traffic.

  • SIP UA Connection: Session Manager matches the SIP Firewall rule against the incoming SIP traffic from entities that are not the Trusted SIP Entity, as defined by the Routing Policy. This option is suitable for creating SIP Firewall filtering rules for SIP telephones that are directly connected to Session Manager.

  • NRP SIP Entity: Session Manager matches the SIP Firewall rule against the incoming SIP traffic from SIP entities.

  • NRP Trusted SIP Entity: Session Manager matches the SIP Firewall rule against the incoming SIP traffic from entities that are marked as Trusted SIP Entity in the Routing Policy.

  • NRP Untrusted SIP Entity: Use this option for entities such as a Session Border Controller (SBC). You can set a firewall rule to monitor traffic coming through an SBC which might have higher thresholds than SIP UA connections.

Button

Description

Commit

Save and apply the changes.

Cancel

Cancel the changes.