Is the only issue with ALG rewring of sip message headers as it comes in through firewall?
On Sun, Oct 31, 2010 at 6:37 PM, Tony Graziano <tgrazi...@myitdepartment.net> wrote: > Because it interferes with the media relay for remote workers in sipxecs. > > > On Sun, Oct 31, 2010 at 6:32 PM, Roman Gelfand <rgelfa...@gmail.com> wrote: >> >> Actually, it does have dos protection. However, it is not based on >> limiting connections rather on limiting bandwidth and priority. >> >> BTW... what is the reason why something like ALG can not work with sipx? >> >> On Sun, Oct 31, 2010 at 4:35 PM, Tony Graziano >> <tgrazi...@myitdepartment.net> wrote: >> > If your fortigate does not have a dos protection mechanism (it does not >> > need >> > sip alg enabled to do this, as DOS protection is a firewall function), >> > you >> > should investigate upgrading the device to get that module or replacing >> > it. >> > Basic DOS protection in fortigate should be self sensing/aware, and able >> > to >> > handle the relentless connections to port "whatever" by itself, assuming >> > it >> > is available on the device, enabled and configured (via your fortigate >> > firewall policy). >> > Absent that, replacing it with something that offers this might be a >> > wise >> > choice if you need to support remote users or replacing sipxbridge with >> > a >> > SBC that can do the same function. >> > >> > On Sun, Oct 31, 2010 at 3:08 PM, Roman Gelfand <rgelfa...@gmail.com> >> > wrote: >> >> >> >> My firewall could do this, but it would require me to use ALG. I >> >> thought we are not to use ALG. >> >> >> >> On Fri, Oct 29, 2010 at 2:51 PM, Tony Graziano >> >> <tgrazi...@myitdepartment.net> wrote: >> >> > See my blog: >> >> > >> >> > http://blog.myitdepartment.net >> >> > >> >> > Article about rate limiting connections. If your firewall can do this >> >> > too, >> >> > you'll be fine. >> >> > ============================ >> >> > Tony Graziano, Manager >> >> > Telephone: 434.984.8430 >> >> > Fax: 434.984.8431 >> >> > >> >> > Email: tgrazi...@myitdepartment.net >> >> > >> >> > LAN/Telephony/Security and Control Systems Helpdesk: >> >> > Telephone: 434.984.8426 >> >> > Fax: 434.984.8427 >> >> > >> >> > Helpdesk Contract Customers: >> >> > http://www.myitdepartment.net/gethelp/ >> >> > >> >> > ----- Original Message ----- >> >> > From: sipx-users-boun...@list.sipfoundry.org >> >> > <sipx-users-boun...@list.sipfoundry.org> >> >> > To: Discussion list for users of sipXecs software >> >> > <sipx-users@list.sipfoundry.org> >> >> > Sent: Fri Oct 29 14:47:45 2010 >> >> > Subject: Re: [sipx-users] Performance Degradation >> >> > >> >> > sipxproxy is using 143% cpu. >> >> > >> >> > It looks like I am in trouble. Looking at the log I see extension >> >> > 107 >> >> > or 123 that doesn't exist in the domail. The user agent is claims is >> >> > friendly scanner. >> >> > >> >> > On Fri, Oct 29, 2010 at 2:33 PM, Tony Graziano >> >> > <tgrazi...@myitdepartment.net> wrote: >> >> >> Check your logs (sipxproxy and registrar) to see ify there are >> >> >> registration >> >> >> or invite attempts from the outside. >> >> >> >> >> >> top -U sipxchange >> >> >> >> >> >> Does anything show high cpu? >> >> >> >> >> >> ============================ >> >> >> Tony Graziano, Manager >> >> >> Telephone: 434.984.8430 >> >> >> Fax: 434.984.8431 >> >> >> >> >> >> Email: tgrazi...@myitdepartment.net >> >> >> >> >> >> LAN/Telephony/Security and Control Systems Helpdesk: >> >> >> Telephone: 434.984.8426 >> >> >> Fax: 434.984.8427 >> >> >> >> >> >> Helpdesk Contract Customers: >> >> >> http://www.myitdepartment.net/gethelp/ >> >> >> >> >> >> ----- Original Message ----- >> >> >> From: sipx-users-boun...@list.sipfoundry.org >> >> >> <sipx-users-boun...@list.sipfoundry.org> >> >> >> To: Discussion list for users of sipXecs software >> >> >> <sipx-users@list.sipfoundry.org> >> >> >> Sent: Fri Oct 29 14:30:29 2010 >> >> >> Subject: [sipx-users] Performance Degradation >> >> >> >> >> >> All of a sudden, the sipx server slowed down significantly to the >> >> >> point that registration are timing out 408. If I am lucky and >> >> >> register the phone, it takes a minute to place a call. There is >> >> >> realy >> >> >> no load on the system. SWhat could be the cause? >> >> >> >> >> >> Thanks in advance >> >> >> _______________________________________________ >> >> >> sipx-users mailing list >> >> >> sipx-users@list.sipfoundry.org >> >> >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> >> >> _______________________________________________ >> >> >> sipx-users mailing list >> >> >> sipx-users@list.sipfoundry.org >> >> >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> >> >> >> >> > _______________________________________________ >> >> > sipx-users mailing list >> >> > sipx-users@list.sipfoundry.org >> >> > List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> >> > _______________________________________________ >> >> > sipx-users mailing list >> >> > sipx-users@list.sipfoundry.org >> >> > List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> >> > >> >> _______________________________________________ >> >> sipx-users mailing list >> >> sipx-users@list.sipfoundry.org >> >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> > >> > >> > >> > -- >> > ====================== >> > Tony Graziano, Manager >> > Telephone: 434.984.8430 >> > sip: tgrazi...@voice.myitdepartment.net >> > Fax: 434.326.5325 >> > >> > Email: tgrazi...@myitdepartment.net >> > >> > LAN/Telephony/Security and Control Systems Helpdesk: >> > Telephone: 434.984.8426 >> > sip: helpd...@voice.myitdepartment.net >> > >> > Helpdesk Contract Customers: >> > http://support.myitdepartment.net >> > >> > >> > _______________________________________________ >> > sipx-users mailing list >> > sipx-users@list.sipfoundry.org >> > List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> > >> _______________________________________________ >> sipx-users mailing list >> sipx-users@list.sipfoundry.org >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ > > > > -- > ====================== > Tony Graziano, Manager > Telephone: 434.984.8430 > sip: tgrazi...@voice.myitdepartment.net > Fax: 434.326.5325 > > Email: tgrazi...@myitdepartment.net > > LAN/Telephony/Security and Control Systems Helpdesk: > Telephone: 434.984.8426 > sip: helpd...@voice.myitdepartment.net > > Helpdesk Contract Customers: > http://support.myitdepartment.net > > > _______________________________________________ > sipx-users mailing list > sipx-users@list.sipfoundry.org > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/
