How does a FortiGate protect your network? The FortiGate firewall protects your network by taking the various components and using them together to build a kind of wall or access control point so that anyone who is not supposed to be on your network is prevented from accessing your network in any way other than those […]
FortiGate firewall components The FortiGate firewall is made up of a number of different components that are used to build an impressive list of features whose flexibility of scope and granularity of control provide protection beyond that provided by the basic firewalls of the past. Some of the components that FortiOS […]
Managing “bring your own device” FortiOS can control network access for different types of personal mobile devices that your employees bring onto your premises. You can: identify and monitor the types of devices connecting to your networks, wireless or wired; use MAC address based access control to allow or deny individual devices; create […]
SIP debugging This chapter includes some information to help with debugging SIP configurations. SIP debug log format Assuming that diagnose debug console timestamp is enabled then the following shows the debug that is generated for an INVITE if diag debug appl sip -1 is enabled: 2010-01-04 21:39:59 sip port 26 locate session for 192.168.2.134:5061 -> […]
SIP and IPS You can enable IPS in security policies that also accept SIP sessions to protect the SIP traffic from SIP-based attacks. If you enable IPS in this way then by default the pinholes that the SIP ALG creates to allow RTP and RTCP to flow through the firewall will also have IPS enabled. […]
SIP and HA–session failover and geographic redundancy FortiGate high availability supports SIP session failover (also called stateful failover) for active-passive HA. To support SIP session failover, create a standard HA configuration and select the Enable Session Pick-up option. SIP session failover replicates SIP states to all cluster units. If an HA failover occurs, all in […]
Inspecting SIP over SSL/TLS (secure SIP) Some SIP phones and SIP servers can communicate using SSL or TLS to encrypt the SIP signaling traffic. To allow SIP over SSL/TLS calls to pass through the FortiGate, the encrypted signaling traffic has to be decrypted and inspected. To do this, the FortiGate SIP ALG intercepts and decrypts […]
SIP logging You can enable SIP logging and logging of SIP violations in a VoIP profile.

    config voip profile
        edit VoIP_Pro_Name
            config sip
                set log-call-summary enable
                set log-violations enable
            end
        end

To view SIP log messages go to Log & Report > Forward Traffic.