Vistas de página en total

jueves, 7 de mayo de 2020

Filtro

diagnsose sys session filter src
diagnose sys session list | grep policy_id

diagnose sys session filter dport  5060
 show | grep -f Red\ server

diagnose ip addres lists
Publicado por en
No hay comentarios :

domingo, 3 de mayo de 2020

INSPECCIÓN AVANZADA DE FLUJO DE TRÁFICO

INSPECCIÓN AVANZADA DE FLUJO DE TRÁFICO

diagnose debug disable
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug flow show function-name disable
diagnose debug flow show iprope disable
diagnose debug reset 4
diagnose debug flow filter dadd 8.8.8.8
diagnose debug flow filter sadd 10.212.134.200
diagnose debug flow show console enable
diagnose debug console timestamp enable
diagnose debug enable
diagnose debug flow trace start 30
Publicado por en
No hay comentarios :

sábado, 2 de mayo de 2020

Fortigate SIP


https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-voip-guide/ALG.htm
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-voip-guide/ALG.htm
https://kb.fortinet.com/kb/documentLink.do?externalID=FD38920



Fortigate maneja dos métodos para controlar las sesione SIP


The SIP session helper

config system settings
set default-voip-alg-mode kernel-helper-based
set sip-helper enable
end


show system session-helper
.
.
.
edit 13
set name sip
set port 5060
set protocol 17
next


Use the following command to set the debug level for the SIP session helper. Different debug masks display different levels of detail about SIP session helper activity.
diagnose sys sip debug-mask <debug_mask_int>
Use the following command to display the current list of SIP dialogs being processed by the SIP session help. You can also use the clear option to delete all active SIP dialogs being processed by the SIP session helper.
diagnose sys sip dialog {clear | list}
Use the following command to display the current list of SIP NAT address mapping tables being used by the SIP session helper.
diagnose sys sip mapping list
Use the following command to display the current SIP session helper activity including information about the SIP dialogs, mappings, and other SIP session help counts. This command can be useful to get an overview of what the SIP session helper is currently doing.
diagnose sys sip status

The SIP session helper is disabled by default and must be enabled for the SIP session helper to process VoIP traffic

The SIP ALG

config system settings
set default-voip-alg-mode proxy-based
set sip-helper disable
end

 


config voip profile
    edit "default"
        set comment "Default VoIP profile."
    next

By default all SIP traffic is processed by the SIP ALG. If the policy that accepts the SIP traffic includes a VoIP profile, the SIP traffic is processed by that profile. If the policy does not include a SIP profile the SIP traffic is processed by the SIP ALG using the default VoIP profile.

Use the following command to list all active SIP calls being processed by the SIP ALG. You can also use the clear option to delete all active SIP calls being processed by the SIP ALG, the idle option to list idle SIP calls, and the invite option to list SIP invite transactions.
diagnose sys sip-proxy calls {clear | list | idle | invite}
Use the following commands to employ filters to display specific information about the SIP ALG and the session that it is processing. You can build up a filter by including a number of options such as source address, VoIP profile, policy, and so on.
diagnose sys sip-proxy filter <filter_options>
diagnose sys sip-proxy log-filter <filter_options>
Use the following command to display the active SIP rate limiting meters and their current settings.
diagnose sys sip-proxy meters list
Use the following command to display status information about the SIP sessions being processed by the SIP ALG. You can also clear all SIP ALG statistics.
diagnose sys sip-proxy stats {clear | list}


Conflicts between the SIP ALG and the session helper

------------

diagnose sys sip status
dialogs: max=32768, used=0
mappings: used=0
dialog hash by ID: size=2048, used=0, depth=0
dialog hash by RTP: size=2048, used=0, depth=0
mapping hash: size=2048, used=0, depth=0
count0: 0
count1: 0
count2: 0
count3: 0
count4: 0
This command output shows that the session helper is not processing SIP sessions because all of the used and count fields are 0. If any of these fields contains non-zero values then the SIP session helper may be processing SIP sessions.


diagnose sys sip-proxy stats list 


The RTP port number is included in the m= part of the SDP profile. In the example above, the SIP INVITE message includes RTP port number is 49170 so the RTCP port number would be 49171. In the SIP response message the RTP port number is 3456 so the RTCP port number would be 3457.




Debug:
 diagnose debug disable 
 diagnose debug reset
 diagnose debug application sip -1
 diagnose debug enable
Use following commands to display status information about the SIP sessions being processed by the SIP ALG.
Clear all SIP ALG statistics.

 diagnose sys sip-proxy calls list
 diagnose sys sip-proxy stats {clear | list}
 diagnose sys sip-proxy stats
 diagnose sys sip status
 diagnose sys sip dialog list
 diagnose sys sip mapping list






-
diagnose debug application sip 

1Configuration changes, mainly addition/deletion/modification of virtual domains.
2TCP connection accepts or connects, redirect creation.
4Create or delete a session.
16Any IO read or write.
32An ASCII dump of all data read or written.
64Include HEX dump in the above output.
128Any activity related to the use of the FortiCarrier dynamic profile feature to determine the correct profile-group to use.
256Log summary of interesting fields in a SIP call.
1024Any activity related to SIP geo-redundancy.
2048Any activity related to HA syncing of SIP calls.
Publicado por en
No hay comentarios :
Suscribirse a: Entradas ( Atom )