AudioCodes Mediant 3000 User Manual page 530
Gateway & enterprise sbc, family of media gateways & session border controllers
Hide thumbs
Also See for Mediant 3000:
- User manual (1070 pages) ,
- Installation manual (90 pages) ,
- Hardware installation manual (88 pages)
Table of Contents
Advertisement
Note:
•
For security, it is recommended to classify SIP dialogs based on Proxy Set only if
the IP address of the Server-type IP Group is unknown. In other words, if the
Proxy Set associated with the IP Group is configured with an FQDN. In such
cases, the device classifies incoming SIP dialogs to the IP Group based on the
DNS-resolved IP address. If the IP address is known, it is recommended to use a
Classification rule instead (and disable the Classify by Proxy Set feature), where
the rule is configured with not only the IP address, but also with SIP message
characteristics to increase the strictness of the classification process. The reason
for preferring classification based on Proxy Set when the IP address is unknown is
that IP address forgery (commonly known as IP spoofing) is more difficult than
malicious SIP message tampering and therefore, using a Classification rule
without an IP address offers a weaker form of security. When classification is
based on Proxy Set, the Classification table for the specific IP Group is ignored.
•
If multiple IP Groups are associated with the same Proxy Set, use Classification
rules to classify the incoming dialogs to the IP Groups (do not use the Classify by
Proxy Set feature).
3.
Classification Stage 3 - Classification Table: If classification based on Proxy Set
fails (or disabled), the device uses the Classification table to classify the SIP dialog to
an IP Group. If it locates a Classification rule whose characteristics (such as source IP
address) match the incoming SIP dialog, the SIP dialog is assigned to the associated
IP Group. In addition, if the Classification rule is defined as a whitelist, the SIP dialog
is allowed and proceeds with the manipulation, routing and other SBC processes. If
the Classification rule is defined as a blacklist, the SIP dialog is denied.
If the classification process fails, the device rejects or allows the call, depending on the
setting of the 'Unclassified Calls' parameter (on the General Settings page - Configuration
tab > VoIP menu > SBC > General Settings). If this parameter is set to Allow, the
incoming SIP dialog is assigned to an IP Group as follows:
1.
The device checks on which SIP listening port (e.g., 5061) the incoming SIP dialog
request arrived and the SIP Interface which is configured with this port (in the SIP
Interface table).
User's Manual
530
Mediant 3000
Document #: LTRT-89738
Advertisement
Table of Contents
