
Firewall enhancements, Firewall licencing, Disabling sip alg call id translation – Allied Telesis RAPIER I User Manual

Page 160: Command changes


Firewall Enhancements

Release Note

Software Version 2.8.1
C613-10477-00 REV B

Firewall Enhancements

This Software Version includes the following enhancements to the Firewall:

Firewall Licencing

Disabling SIP ALG Call ID Translation

Displaying SIP ALG Session Details

Firewall Policy Rules Expansion

Displaying a Subset of Policy Rules

This section describes the enhancements. The new and modified commands to
implement them are described in Command Reference Updates.

Firewall Licencing

By default, the AR415S allows up to 2000 firewall sessions, and the AR442S
allows up to 4000 firewall sessions. Additional firewall sessions require a
special feature licence. If you need more firewall sessions, contact your
authorised distributor or reseller. Other products do not require special
licences for firewall sessions.

Command changes

The following table summarises the modified command.

Disabling SIP ALG Call ID Translation

This Software Version allows you to specify whether the SIP ALG translates the
Call-ID field of SIP packets before sending them out onto the public network.

When NAT is configured on the router or switch, the SIP ALG translates the
private IP addresses embedded in SIP packets into globally routable IP
addresses before sending the packets out onto the public network. This
includes changing the IP address part in the Call-ID field of the SIP packets.
The device that initiated the SIP session creates the Call-ID field by combining a
random number and the device’s IP address. Changing the IP address part in
the Call-ID field provides security by not revealing the private IP addresses in
your network through the Call-ID.

An example of a Call-ID field with a private address is:

[email protected]

The router or switch only translates the Call-ID when the device that initiated
the SIP session is a device within its private network.

To specify whether the Call-ID field of SIP packets is translated before being
sent out onto the public network, use the new command:

set firewall sipalg callidtranslation={on|off|yes|no|true|false}
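The following Python sketch is an added example, not part of the release note or of the device's own code. It checks an outbound SIP message for an RFC 1918 address in the Call-ID field and models the rewrite described above; the sample message, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly because ipaddress.is_private also
# flags documentation ranges such as 203.0.113.0/24.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: an INVITE as seen on the public side when the other
# headers were translated but the Call-ID was left untouched.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@203.0.113.10>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: 843817637684230@192.168.1.20\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

def get_call_id(message):
    """Return the Call-ID header value (long or compact form 'i'), or None."""
    for line in message.splitlines():
        if not line:  # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("call-id", "i"):
            return value.strip()
    return None

def leaked_private_ip(call_id):
    """Return the RFC 1918 address in the host part of a Call-ID, or None."""
    if not call_id or "@" not in call_id:
        return None
    host = call_id.rsplit("@", 1)[1]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # host part is a name or opaque token, not an IP
        return None
    return addr if any(addr in net for net in RFC1918) else None

def translate_call_id(message, public_ip):
    """Model of the translation: swap the private host part for public_ip."""
    cid = get_call_id(message)
    if leaked_private_ip(cid) is None:
        return message
    return message.replace(cid, cid.rsplit("@", 1)[0] + "@" + public_ip)
```

Running `leaked_private_ip(get_call_id(...))` over messages captured on the public interface shows whether the Call-ID still exposes an internal address.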

Command          Change
show firewall    New output parameters
