Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
17-78
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 17 Managing Firewall Inspection Rules
Configuring Protocols and Maps for Inspection
Field Reference
Table 17-46 Add and Edit SIP Map Dialog Box
Element Description
Name The name of the policy object. A maximum of 40 characters is allowed.
Description A description of the policy object. A maximum of 200 characters is
allowed.
Parameters tab
Enable SIP Instant
Messaging Extensions
Whether to enable Instant Messaging extensions.
Permit Non-SIP Traffic on
SIP Port
Whether to permit non-SIP traffic on the SIP port.
Hide Server’s and Endpoint’s
IP Address
Whether to hide the IP addresses, which enables IP address privacy.
Check RTP Packets for
Protocol Conformance
Limit Payload to Audio or
Video based on the Signaling
Exchange
Whether to check RTP/RTCP packets flowing on the pinholes for
protocol conformance. If you select this option, you can also elect to
enforce the payload type to be audio/video based on the signaling
exchange.
If Number of Hops to
Destination is Greater Than 0
Whether to check if the value of Max-Forwards header is zero. When it
is greater than zero, the action you select in the Action field is
implemented. The default is to drop the packet.
If State Transition is
Detected
Whether to check SIP state transitions. When a transition is detected,
the action you select in the Action field is implemented. The default is
to drop the packet.
If Header Fields Fail Strict
Validation
Whether to take the action specified in the Action field if the SIP header
fields are invalid. The default is to drop the packet.
Inspect Server’s and
Endpoint’s Software Version
Whether to inspect the SIP endpoint software version in User-Agent
and Server headers. The default is to mask the information.
If Non-SIP URI is Detected Whether to take the action specified in the Action field if a non-SIP URI
is detected in the Alert-Info and Call-Info headers. The default is to
mask the information.
Match Condition and Action Tab
The Match All table lists the criteria included in the policy map. Each row indicates whether the
inspection is looking for traffic that matches or does not match each criterion, the criterion and value
that is inspected, and the action to be taken for traffic that satisfies the conditions.
To add a criterion, click the Add button and fill in the Match Condition and Action dialog box (see
SIP Class and Policy Maps Add or Edit Match Condition (and Action) Dialog Boxes, page 17-79).
To edit a criterion, select it and click the Edit button.
To delete a criterion, select it and click the Delete button.
Category The category assigned to the object. Categories help you organize and
identify rules and objects. See Using Category Objects, page 6-12.