scope:

The gate management and gate control packages define a number of properties to support gate management procedures at the boundary between two Internet protocol (IP) transport domains.

The packages in this Recommendation allow a media gateway (MG) to be configured to filter packets based on rules for different criteria such as source address/port, destination address/port, incoming protocol and/or outgoing protocol. The protocol filtering may be at the IP layer, transport protocol layer, i.e., UDP/TCP or on a higher layer, i.e., HTTP. Once a packet is matched to any or all of the filter rules then the packet may be admitted (received and/or forwarded) or discarded according to the behaviour specification.

These filtering rules have been placed in different packages to allow for different MG configurations to be deployed according to the gate management/control or firewall situation needed.

The filtering rules may be placed on an individual termination or the root termination, thus allowing the filtering policy to be set on a per call/stream basis or on a media gateway as a whole. This policy may be set by the media gateway controller (MGC) or by management action.

Typical applications for gate control/management

Filtering capabilities for IP network infrastructure is a wide topic. This Recommendation supports the flexible definition of many different filter types and combinations of these filters. Such filters may be applied in order to satisfy similar (operational security) requirements for IP traffic as, e.g., outlined by [b-IETF RFC 3871], or to address similar protocol-specific attacks as, e.g., identified by [b-IETF RFC 4778], or to build similar filter structures, e.g., as are being considered by the OPSEC working group of the IETF [b-IETF opsec].