mirrors/cheat-sheets
1
0
Fork 0
mirror of https://github.com/yuriskinfo/cheat-sheets.git synced 2025-12-21 13:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

ongoing additions, changes, and fixes

Browse Source
This commit is contained in:
Yuri Slobodyanyuk
2022-03-08 18:21:26 +02:00
parent 3fe09c48fa
commit b7bd896edd
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cheat-sheets/Fortigate-debug-diagnose-complete-cheat-sheet.adoc
View File

@@ -603,7 +603,7 @@ just clear Fortigate DHCP database and will start over allocating again. You can
|*config sys settings* |*config sys settings*
*get | grep alg* *get \| grep alg*
|Show what is the current SIP inspection mode. If the output is `default-voip-alg-mode: proxy-based` then the full Layer 7 |Show what is the current SIP inspection mode. If the output is `default-voip-alg-mode: proxy-based` then the full Layer 7
proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-alg-mode: kernel-helper-based` then the Layer 4 _helper_ inspection is on. In both modes Fortigate does IP address translation inside SIP packets (if needed), and opens dynamically high ports for incoming media/voice streams ports. In _ALG_ mode, the Fortigate additionally does RFC compliance verification and more. So, the _ALG_ mode is more prone to cause issues but also provides more security. proxy SIP inspection is on (_ALG_ inspection). If the output is `default-voip-alg-mode: kernel-helper-based` then the Layer 4 _helper_ inspection is on. In both modes Fortigate does IP address translation inside SIP packets (if needed), and opens dynamically high ports for incoming media/voice streams ports. In _ALG_ mode, the Fortigate additionally does RFC compliance verification and more. So, the _ALG_ mode is more prone to cause issues but also provides more security.