Firewall

6

 

Maximum Connections: Limit the number of TCP and UDP connections. Enter a value in the range 1000 to 60000. The default value is 60000.

TCP Timeout: Enter the timeout value in seconds for TCP sessions. Inactive TCP sessions are removed from the session table after this duration. The valid range is 5 to 3600 seconds. The default value is 1200 seconds.

UDP Timeout: Enter the timeout value in seconds for UDP sessions. Inactive UDP sessions are removed from the session table after this duration. The valid range is 5 to 3600 seconds. The default value is 180 seconds.

STEP 3 Click Save to apply your settings.

Configuring Application Level Gateway

The security appliance can function as an Application Level Gateway (ALG) to allow certain NAT-incompatible applications (such as SIP or H.323) to operate properly through the security appliance.

If Voice-over-IP (VoIP) is used in your organization, you should enable H.323 ALG or SIP ALG to open the ports necessary to allow VoIP traffic through your voice device. The ALGs are created to work in a NAT environment and to maintain security for privately addressed conferencing equipment protected by your voice device.

You can use both H.323 ALG and SIP ALG at the same time, if necessary. To determine which ALG to use, consult the documentation for your VoIP devices or applications.

STEP 1 Click Firewall > Application Level Gateway.

The Application Level Gateway window opens.

STEP 2 Enter the following information:

SIP Support: SIP ALG can rewrite the information within the SIP messages (SIP headers and SDP body) to make signaling and audio traffic between the client behind NAT and the SIP endpoint possible. Check this box to enable SIP ALG support, or uncheck this box to disable this feature.

NOTE: Enable SIP ALG when voice devices such as UC500, UC300, or SIP phones are connected to the network behind the security appliance.
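
The rewrite described under SIP Support, shown as an added Python example (not Cisco's implementation and not code from this guide): it replaces a phone's private address in the Via and Contact headers and in the SDP body, maps the RTP port, and recomputes Content-Length. The function name alg_rewrite, the addresses, and the port mapping are constructed for illustration.

```python
import re

# Constructed sample: INVITE from a phone at 192.168.75.20 behind NAT.
SDP = ("v=0\r\n"
       "o=alice 2890 2890 IN IP4 192.168.75.20\r\n"
       "s=call\r\n"
       "c=IN IP4 192.168.75.20\r\n"
       "t=0 0\r\n"
       "m=audio 16384 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.168.75.20:5060;branch=z9hG4bK776a\r\n"
          "From: <sip:alice@example.com>;tag=1928\r\n"
          "To: <sip:bob@example.com>\r\n"
          "Call-ID: a84b4c76e66710\r\n"
          "CSeq: 1 INVITE\r\n"
          "Contact: <sip:alice@192.168.75.20:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n\r\n" + SDP)

def alg_rewrite(msg, private_ip, public_ip, rtp_ports):
    """Rewrite private_ip in SIP headers and SDP; return (new_msg, pinholes)."""
    addr = re.compile(rf"(?<![\d.]){re.escape(private_ip)}(?![\d.])")
    head, _, body = msg.partition("\r\n\r\n")
    # Signaling headers that carry the phone's own address.
    headers = [addr.sub(public_ip, h) if h.lower().startswith(("via:", "contact:")) else h
               for h in head.split("\r\n")]
    # SDP: o= and c= carry the media address, m= carries the RTP port.
    pinholes, sdp = [], []
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")):
            line = addr.sub(public_ip, line)
        elif line.startswith("m="):
            media, port, rest = line[2:].split(" ", 2)
            ext = rtp_ports.get(int(port), int(port))
            pinholes.append((ext, private_ip, int(port)))  # external port -> phone
            line = f"m={media} {ext} {rest}"
        sdp.append(line)
    body = "\r\n".join(sdp)
    # The body length changed, so Content-Length must be recomputed.
    headers = [f"Content-Length: {len(body.encode())}"
               if h.lower().startswith("content-length:") else h for h in headers]
    return "\r\n".join(headers) + "\r\n\r\n" + body, pinholes

if __name__ == "__main__":
    print(alg_rewrite(INVITE, "192.168.75.20", "203.0.113.10", {16384: 40000})[0])
```

The returned pinholes list is the set of inbound media ports the gateway would have to open for the call, which is why an enabled ALG widens what the firewall accepts for the duration of a session.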

Cisco ISA500 Series Integrated Security Appliances Administration Guide
