sys session list Quiz and Flashcards: Get Expected Sessions

Podcast Beta

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Which protocol does the SIP ALG support?

TCP

UDP (correct)

FTP

HTTP

Where does the SIP ALG run?

On the client side

On the server side

In the kernel

As a user space process (correct)

When does FortiGate use the SIP ALG?

When traffic does not match a policy with a VoIP profile and the VoIP mode is set to proxy-based

When traffic does not match a policy with a VoIP profile and the VoIP mode is set to kernel-helper-based

When traffic matches a policy with a VoIP profile (correct)

FortiGate always uses the SIP ALG regardless of the configuration

What does the default-voip-alg-mode setting specify?

Which VoIP mode to use Signup and view all the answers

When should FortiGate use the SIP helper instead of the SIP ALG?

When the SIP ALG is not working as expected Signup and view all the answers

What can be changed using the 'config system settings' command?

SIP ALG port numbers Signup and view all the answers

How can you display all active SIP calls?

diagnose sys sip-proxy calls list Signup and view all the answers

What does a debug level of 4 in the SIP real-time debug enable?

Session creation and deletion Signup and view all the answers

What does a debug level of 64 in the SIP real-time debug enable?

HEX dump of all data Signup and view all the answers

What can you use the 'im' and 'sip' real-time debugs for?

To display real-time information about SIP traffic Signup and view all the answers

Which command can be used to list the expected sessions created by the session helpers?

diagnose sys session list expectation Signup and view all the answers

What does the debug flow show for traffic inspected by a helper?

run helper-ftp(dir=original) Signup and view all the answers

What does the debug flow show for traffic matching an expected session?

Find an EXP session, id 00016f90 Signup and view all the answers

Which command can be used to list the active session helpers?

config system session-helper Signup and view all the answers

What does the output of 'config system session-helper' command list?

TCP or UDP port numbers Signup and view all the answers

Which protocols may require a session helper in certain circumstances?

PPTP, H323, and RSH Signup and view all the answers

What can be done if a protocol is using a different port number?

Change the FortiGate configuration Signup and view all the answers

What does the SIP application layer gateway (ALG) provide?

All the same features as the SIP helper Signup and view all the answers

Which command can be used to view the name of the session helper inspecting the traffic?

debug flow Signup and view all the answers

What does the debug flow show for traffic matching an expected session previously created by a session helper?

Find an EXP session Signup and view all the answers

Study Notes

SIP ALG Details

SIP ALG supports SIP protocol
It runs on FortiGate
FortiGate uses SIP ALG when SIP traffic is detected

SIP ALG Settings

The default-voip-alg-mode setting specifies the default mode for the SIP ALG

SIP Helper vs SIP ALG

FortiGate should use the SIP helper instead of the SIP ALG when SIP traffic is fragmented or contains IP options

Config System Settings

The 'config system settings' command can be used to change settings, including those related to SIP ALG

SIP Debugging

'diagnose debug flow' command displays all active SIP calls
Debug level 4 in SIP real-time debug enables debugging for SIP call setup and teardown
Debug level 64 in SIP real-time debug enables debugging for SIP message logging
'im' and 'sip' real-time debugs can be used for troubleshooting SIP and instant messaging issues

Session Helpers

The 'diagnose system session-helper list' command lists the expected sessions created by the session helpers
Debug flow shows the traffic inspected by a helper
Debug flow shows the traffic matching an expected session previously created by a session helper
The 'diagnose system session-helper list' command lists the active session helpers
The 'config system session-helper' command lists the configured session helpers

Protocols and Ports

Protocols like SIP, H.323, and Skinny may require a session helper in certain circumstances
If a protocol uses a different port number, the session helper can be configured to use that port

SIP Application Layer Gateway

The SIP application layer gateway (ALG) provides SIP traffic inspection and modification

Session Helper Inspection

The 'diagnose system session-helper show' command can be used to view the name of the session helper inspecting the traffic

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Learn how to diagnose expected sessions using the sys session list expectation command. This quiz covers the command syntax and provides an example of listing expected sessions for specific IP addresses and ports. Discover how to monitor session helpers and inspect traffic using debugging tools.

Diagnosing Expected Sessions with sys session list expectation