The pre-session-configuration object allows you to globally apply SIP settings to your network before SIP call sessions are established. SIP methods that you want to shield from the network, for example, can be blocked using settings in the pre-session-configuration object. This means that you do not need to create a policy rule to block a particular SIP method that is globally forbidden from your network.
Opens the pre-session-config object for editing. Through this object you set the parameters used by the VSP to alter SIP traffic before a session is established.
unregistered-sender-directive: Sets the action the system takes when it receives a packet with an unknown sender in the ”From” field of the INVITE packet. Use the registration-requirement-level setting in the route or source-route object to define what is considered unknown.
Default: allow; if you select refuse, the default result code is 400
Values: allow: The ME permits the packet to proceed toward its destination.
discard: The ME immediately discards the packet.
refuse [result-code][result-string]: The ME discards the packet but sends a response to indicate having done so. The response includes an error code (default of 400 but you can enter any value between 400 and 699) and an optional description.
Example: set unregistered-sender-directive refuse 404 ”unknown sender”
optional-header-error-handling: Determines how the ME handles optional header parsing.
Default: strip; if you select reject, the default result code is 400 withe string ”Bad Request - Optional Header Failed Parsing”
Values: strip: The ME strips the malformed header in its entirety.
ignore: The ME ignores the error and sends the malformed header on the egress leg.
discard: The ME immediately discards the packet.
reject [result-code][result-string]: The ME discards the packet but sends a response to indicate having done so. The response includes an error code (default of 400 but you can enter any value between 400 and 699) and an optional description.
Example: set optional-header-error-handling ignore
Enables or disables blocking of SIP methods and specifies the SIP method to block. When a method type is blocked, the ME drops the packet. Repeat the command to block additional SIP methods.
The following table lists the methods that ME can block, along with brief definitions from the related RFC:
Method | Description | Found in... |
---|---|---|
INVITE |
Asks a server to establish a session. |
RFC 3261, SIP: Session Initiation Protocol |
ACK |
Facilitates reliable message exchange for INVITEs. |
RFC 3261 |
OPTIONS |
Allows a UA to query another UA or a proxy server as to its capabilities. |
RFC 3261 |
BYE |
Terminates a specific session or attempted session. |
RFC 3261 |
CANCEL |
Asks the UAS to cease processing the request and to generate an error response to that request. |
RFC 3261 |
REGISTER |
Sends a request to a... registrar. A registrar acts as the front end to the location service for a domain, reading and writing mappings based on the contents of REGISTER requests. |
RFC 3261 |
MESSAGE |
Allows the transfer of Instant Messages. |
RFC 3428, Session Initiation Protocol (SIP) Extension for Instant Messaging |
INFO |
Allow for the carrying of session related control information that is generated during a session. |
RFC 2976, The SIP INFO Method |
NOTIFY |
Contains the modified session description. |
RFC 2848, The PINT Service Protocol: Extensions to SIP and SDP for IP Access to Telephone Call Services |
SUBSCRIBE |
Indicates that a user wishes to receive information about the status of a service session. |
RFC 2848 |
REFER |
Requests that the recipient REFER to a resource provided in the request...and provides a mechanism allowing the party sending the REFER to be notified of the outcome of the referenced request. |
RFC 3515, The Session Initiation Protocol (SIP) Refer Method |
PRACK |
Plays the same role as ACK, but for provisional responses. |
RFC 3262, Reliability of Provisional Responses in the Session Initiation Protocol (SIP) |
PUBLISH |
Provides a framework for the publication of event state information. |
RFC 3903, Session Initiation Protocol (SIP) Extension for Event State Publication |
admin: Enables or disables the blocking of SIP methods before SIP sessions are established.
Default: enabled
Values: enabled | disabled
Example: set admin disabled
block-method: Specifies the SIP method(s) to block from the network. Re-execute the command to add each block method. See the above table for method descriptions.
Default: There is no default setting
Example: set block-method refer
Enables or disables the SIP header rules (set with the rule object) that are applied to the network before a SIP session is established.
Sets an optional rule description, the conditions of the rule, and the type of action to apply to SIP headers that match those conditions. To open the rule object, specify a name. Initially, the order in which they were created establishes the precedence for the rule (if you create multiple rules). Use the move command to change the order.
A condition is a predicate statement that the ME matches the SIP headers against. If a header matches any of these statements, the ME takes the action defined by the action property. Note that the conditions are AND'd together.
Follow these rules when creating conditions:
If you enter a header name only, the ME applies the action to that header.
You can enter only one header name. To match on more than one, create multiple rules.
If you enter a header value only, the ME applies the action if any header matches that value.
You can enter more than one value, but should do so with extreme care, as the rule will take a single action against all matches.
If you enter a name and value, the ME applies the action to the named header if it has the specified value.
description: Sets the user-specified text description for the rule. Use the show -v command from the sip-header-settings level to see all configured rules with descriptions.
Default: There is no default setting
Example: set description ”SIP header policy to apply prior to session establishment.”
condition: Sets whether to match on a name of a SIP header and/or a value in one of the fields. (See the more detailed explanation in this command description.)
Default: There is no default setting
Values: match-header <header-name>: sets the name of the header to match on. To see possible name matches, enter set condition match-header ? at the prompt.
match-header-and-value <header-name><reg-exp>: sets the header name and field to match against. In this case, both entries must match.
match-value <reg-exp>: matches all SIP headers against the text string you enter. Enclose a string with spaces within quotation marks.
Example: set condition match-header To
action: Sets the action to apply to packets in which the conditions of this rule are met.
Default: There is no default setting
Values: discard-packet: the system immediately discards the packet.
strip-header: the system removes the SIP header from the packet. Use this, for example, if a particular header causes problems for another SIP device in the network.
alter-header <new-sip-header>: the system changes the content of the header to the text you supply. If your condition list contained a match-name statement, the system alters the named header. If your condition list contained only a value, the system alters all headers that contain that value.
Example: set action alter-header 800