Firewall Protection
ProSecure Unified Threat Management (UTM) Appliance
4. Click Apply to save your settings.
Manage the Application Level Gateway for SIP Sessions and VPN Scanning
The application level gateway (ALG) facilitates multimedia sessions such as voice over IP
(VoIP) sessions that use the Session Initiation Protocol (SIP) across the firewall and provides
support for multiple SIP clients. ALG support for SIP is disabled by default.
You can enable scanning of VPN traffic that passes through the UTM. VPN scanning
increases the level of security but degrades the IPSec performance. By default, VPN
scanning is disabled.
To enable ALG for SIP and VPN scanning:
1. Select Network Security > Firewall > Advanced. The Advanced screen displays:
Table 31. Session Limit screen settings (continued)

| Setting | Description |
|---|---|
| User Limit | Enter a number to indicate the user limit. If the User Limit Parameter is set to Percentage of Max Sessions, the number specifies the maximum number of sessions that are allowed from a single-source device as a percentage of the total session connection capacity of the UTM. (The session limit is per-device based.) If the User Limit Parameter is set to Number of Sessions, the number specifies an absolute value. Note: Some protocols such as FTP and RSTP create two sessions per connection, which should be considered when configuring a session limit. |
| Total Number of Packets Dropped due to Session Limit | This is a nonconfigurable counter that displays the total number of dropped packets when the session limit is reached. |
| Session Timeout: TCP Timeout, UDP Timeout, ICMP Timeout | For each protocol, specify a time-out in seconds. A session expires if no data is received for the session during the time-out period. The default time-out periods are 1200 seconds for TCP sessions, 180 seconds for UDP sessions, and 8 seconds for ICMP sessions. |
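
The following added example (not from the manual, and not the UTM's own implementation) models how the User Limit and session time-out settings in Table 31 interact. The `SessionTable` class, the capacity of 200 sessions, the 2 percent limit and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Default idle time-outs from Table 31, in seconds.
DEFAULT_TIMEOUTS = {"tcp": 1200, "udp": 180, "icmp": 8}

@dataclass
class SessionTable:
    """Hypothetical model of a per-source session limit with idle expiry."""
    max_sessions: int   # assumed total session capacity of the device
    limit_mode: str     # "percent" (of max sessions) or "absolute"
    user_limit: int     # the User Limit value
    sessions: dict = field(default_factory=dict)  # 5-tuple -> last-seen time
    dropped: int = 0    # packets dropped because the session limit was reached

    def per_source_cap(self) -> int:
        if self.limit_mode == "percent":
            return self.max_sessions * self.user_limit // 100
        return self.user_limit

    def packet(self, now, proto, src, dst, sport, dport) -> bool:
        """Return True if the packet is accepted, False if it is dropped."""
        # A session expires once no data arrived for its protocol's time-out.
        self.sessions = {k: seen for k, seen in self.sessions.items()
                         if now - seen < DEFAULT_TIMEOUTS[k[0]]}
        key = (proto, src, dst, sport, dport)
        if key not in self.sessions:
            active = sum(1 for k in self.sessions if k[1] == src)
            if active >= self.per_source_cap():
                self.dropped += 1
                return False
        self.sessions[key] = now  # new session, or refresh of an existing one
        return True

def demo():
    # Constructed scenario: capacity 200 and a 2 percent limit -> 4 sessions per source.
    table = SessionTable(max_sessions=200, limit_mode="percent", user_limit=2)
    client, server = "192.0.2.10", "198.51.100.5"
    results = []
    for i in range(3):  # each FTP connection needs a control and a data session
        results.append(table.packet(0, "tcp", client, server, 40000 + i, 21))
        results.append(table.packet(0, "tcp", client, server, 50000 + i, 30000 + i))
    # The limit is per source device, so a second host is unaffected.
    other = table.packet(0, "udp", "192.0.2.11", server, 5060, 5060)
    # After 1200 idle seconds the TCP sessions have expired and slots are free.
    after = table.packet(1200, "tcp", client, server, 40002, 21)
    return results, table.dropped, other, after

if __name__ == "__main__":
    print(demo())
```

With a cap of four sessions, the third FTP connection loses both its control and data sessions, which is the two-sessions-per-connection effect the table's note says to account for when sizing the limit.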