Firmware Upgrading; Figure 22: Gxv3370 Firmware Upgrade Configuration; Figure 23: Validate Certification Chain - Grandstream Networks GXV3370 Security Manual

Firmware Upgrading

Similar to configuration file provisioning, GXV3370 supports downloading firmware file via
HTTP/HTTPS/TFTP. The firmware file is encrypted and GXV3370 ensures only authentic, signed and
untampered firmware file can run. Here are the recommended settings for firmware downloading.
Firmware Upgrade Mode: HTTPS.
-
HTTPS is recommended so the traffic is encrypted while travelling through the network.
HTTP/HTTPS User Name and Password:
-
This can be set up as required on the provisioning server when HTTP/HTTPS is used. Only when the
GXV3370 has the correct username and password configured, it can be authenticated by the firmware
server and the firmware file will be downloaded.
Validate Certificate Chain:
-
This configures whether to validate the server certificate when downloading the firmware/config file. If
set to "Yes", the phone will download the firmware/config file only from the legitimate server.
GXV3370 supports uploading CA certificate to validate the server certificate and this setting is under
GXV3370 web UI→System Settings→Security Settings→Certificate Management.

Figure 22: GXV3370 Firmware Upgrade Configuration

Figure 23: Validate Certification Chain

GXV3370 Security Guide
P a g e | 20