Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
17-46
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Description A description of the policy object. A maximum of 200 characters is
allowed.
Parameters tab
HSI Group table The HSI groups to include in the map. The group number, IP address of
the HSI host, and IP addresses and interface names of the clients
connected to the security appliance are shown in the table. Up to five
HSI hosts per group, and up to ten end points per HSI group, are
allowed.
To add a group, click the Add button and fill in the dialog box (see
Add or Edit HSI Group Dialog Boxes, page 17-47).
To edit a group, select it and click the Edit button.
To delete a group, select it and click the Delete button.
Call Duration Limit The call duration limit in seconds. The range is from 0:0:0 to 1163:0:0.
A value of 0 means never timeout.
Enforce Presence of Calling
and Called Party Numbers
Whether to enforce calling and called party numbers used in call setup.
Check State Transition on
H.225 Messages
Whether to enable state checking validation on H.225 messages.
Check State Transition on
RAS Messages
Whether to enable state checking validation on RAS messages.
Create Pinholes on Seeing
RCF Packets
Whether to enable call setup between H.323 endpoints when the
Gatekeeper is inside the network. The device opens pinholes for calls
based on Registration Request/Registration Confirm (RRQ/RCF)
messages. Because these RRQ/RCF messages are sent to and from the
Gatekeeper, the calling endpoint’s IP address is unknown and the
device opens a pinhole through source IP address/port 0/0.
This option is available for ASA 8.0(5)+ devices.
Check for H.245 Tunneling
Action
Whether to enforce H.245 tunnel blocking and perform the action you
select in the Action list box.
Check RTP Packets for
Protocol Conformance
Whether to check RTP packets flowing through the pinholes for
protocol conformance.
Payload Type must be Audio
or Video based on Signaling
Exchange
Whether to enforce the payload type to be audio or video based on the
signaling exchange.
Table 17-24 Add and Edit H.323 Map Dialog Boxes (Continued)
Element Description