Configuring General Security Settings - AudioCodes Mediant 3000 User Manual
Gateway & enterprise sbc, family of media gateways & session border controllers
Hide thumbs
Also See for Mediant 3000:
- User manual (1070 pages) ,
- Installation manual (90 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
User's Manual
The firewall rules in the above configuration example do the following:
Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP
addresses (e.g., proxy servers). Note that the prefix length is configured.
Rule 3: A more "advanced" firewall rule - bandwidth rule for ICMP, which allows a
maximum bandwidth of 40,000 bytes/sec with an additional allowance of 50,000 bytes.
If, for example, the actual traffic rate is 45,000 bytes/sec, then this allowance would be
consumed within 10 seconds, after which all traffic exceeding the allocated 40,000
bytes/sec is dropped. If the actual traffic rate then slowed to 30,000 bytes/sec, the
allowance would be replenished within 5 seconds.
Rule 4: Allows traffic from the LAN voice interface and limits bandwidth.
Rule 5: Blocks all other traffic.
14.2
Configuring General Security Settings
The device uses TLS over TCP to encrypt and optionally, authenticate SIP messages. This
is referred to as Secure SIP (SIPS). SIPS uses the X.509 certificate exchange process, as
described in 'Configuring SSL/TLS Certificates' on page 109, where you need to configure
certificates (TLS Context).
Notes:
•
When a TLS connection with the device is initiated by a SIP client, the device also
responds using TLS, regardless of whether or not TLS was configured.
•
For backward compatibility, the following parameters can be used:
√
√
To configure SIPS:
1.
Configure a TLS Context as required.
2.
Assign the TLS Context to a Proxy Set or SIP Interface (see Configuring Proxy Sets
on page
3.
Configure a SIP Interface with a TLS port number.
4.
Configure various SIPS parameters in the General Security Settings page
(Configuration tab > VoIP menu > Security > General Security Settings).
For a description of the TLS parameters, see TLS Parameters on page 768.
5.
By default, the device initiates a TLS connection only for the next network hop. To
enable TLS all the way to the destination (over multiple hops), set the 'Enable SIPS'
(EnableSIPS) parameter to Enable in the SIP General Parameters page
(Configuration tab > VoIP menu > SIP Definitions > General Parameters).
Version 6.8
SIPTransportType to enable TLS.
TLSLocalSIPPort to configure the device's port used for TLS traffic.
296
and Configuring SIP Interfaces on page 279, respectively).
161
14. Security
Mediant 3000
Advertisement
Table of Contents
