Install guide
Software Version 2.9.1 77
Software Version 2.9.1
C613-10486-00 REV C
Example To modify limit rule 1 attached to vlan2 for the “Nerv_office” policy to match
IP address 202.36.164.113, use the command:
set fire poli=Nerv_office lim=1 int=vlan2 ip=202.36.164.113
set firewall sipalg
Syntax SET FIREwall SIPAlg
[CALLIdtranslation={False|NO|OFF|ON|True|YES}]
[MODe={MANual|AUTOmatic}] [MAXAutoclients=1..1000]
[MULTIservers={OUTOnly|False|NO|OFF|ON|True|YES}]
Description This command modifies how the SIP ALG operates on the router or switch.
The new mode, maxautoclients and multiservers parameters allow you to
configure automatic client management for the SIP ALG.
Parameter Description
MODe Whether the clients are managed automatically by the SIP ALG, or
manually using policy rules.
Default: manual
MANual You must configure policy rules for each VoIP client to
control their SIP sessions and provide NAT.
AUTOmatic The SIP ALG automatically manages firewall sessions
for VoIP clients, and the firewall does not need policy
rules configured for SIP traffic. The SIP ALG provides
NAT for the clients by using the settings configured by
the add firewall policy nat command. The
recommended NAT setting is enhanced NAT.
MAXAutoclients The maximum number of SIP clients that the SIP ALG will support
when in automatic mode. Once the number of clients registered with
firewall sessions reaches this maximum, registrations by other SIP
clients are only permitted according to normal firewall behaviour or
any configured firewall rules. These excess client’s session details are
not stored in flash memory, and will age out based on the configured
udptimeout or udpporttimeout for the policy. This may interrupt
SIP sessions for these clients. Take care not to set maxautoclients to
a lower value than the current number of active clients registered,
because this may interrupt the SIP sessions.
This parameter is only valid when mode is set to automatic.
Default: 100