Configuring General Security Settings - AudioCodes Mediant 1000B User Manual

User's Manual
Parameter
Action Upon Match
The firewall rules in the above configuration example do the following:

Rules 1 and 2: Typical firewall rules that allow packets ONLY from specified IP
addresses (e.g., proxy servers). Note that the prefix length is configured.

Rule 3: A more "advanced" firewall rule - bandwidth rule for ICMP, which allows a
maximum bandwidth of 40,000 bytes/sec with an additional allowance of 50,000 bytes.
If, for example, the actual traffic rate is 45,000 bytes/sec, then this allowance would be
consumed within 10 seconds, after which all traffic exceeding the allocated 40,000
bytes/sec is dropped. If the actual traffic rate then slowed to 30,000 bytes/sec, the
allowance would be replenished within 5 seconds.

Rule 4: Allows traffic from the LAN voice interface and limits bandwidth.

Rule 5: Blocks all other traffic.
13.2

Configuring General Security Settings

The device uses TLS over TCP to encrypt and optionally, authenticate SIP messages. This
is referred to as Secure SIP (SIPS). SIPS uses the X.509 certificate exchange process, as
described in ''Configuring SSL/TLS Certificates'' on page 109, where you need to configure
certificates (TLS Context).
Note:
also responds using TLS, regardless of whether or not TLS was configured.

To configure SIPS:
1. Configure a TLS Context as required (see ''Configuring TLS Certificate Contexts'' on
page 109).
2. Assign the TLS Context to a Proxy Set or SIP Interface (see ''Configuring Proxy Sets''
on page 367 and ''Configuring SIP Interfaces'' on page 345, respectively).
3. Configure a SIP Interface with a TLS port number.
Version 7.2
1
Allow Allow
When a TLS connection with the device is initiated by a SIP client, the device
Firewall Rule
2 3
Allow
175 Mediant 1000B Gateway & E-SBC
13. Security
4 5
Allow Block