SECURITY FOR SIP ACCOUNTS AND CALLS
Protocols and Ports
By default, after a factory reset, all the accounts are active. Knowing the default local SIP port (Account 1:
5060; Account 2: 5062 ...), users can make direct IP calls even if the accounts are not registered to any PBX.
Therefore, it is recommended to disable the unused ports. Under Web GUI → Accounts → Account X →
General Settings, set "Account Active" to "No".
➢ Users can also disable direct IP calls on all ports under Settings → Call Features: set "Disable
Direct IP Call" to "Yes".
• SIP transport protocol:
The GXP supports the SIP transport protocols "UDP", "TCP" and "TLS". By default, it is set to "UDP". It is
recommended to use "TLS" so that the SIP signaling is encrypted. The SIP transport protocol can be configured
per account under web UI → Accounts → Account X → SIP Settings → Basic Settings. When "TLS"
is used, we recommend using "sips" instead of "sip" for the SIP URI scheme to ensure the entire SIP
transaction is secured instead of "best-effort".
SIP TLS certificate, private key and password can be configured under Maintenance → Security Settings
→ Security page:
Figure 6 : Configure TLS as SIP Transport
Figure 7 : SIP TLS Settings
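The recommendations in this section, expressed as an audit over a settings snapshot. This is an added example, not Grandstream code: the field names are hypothetical labels modelled on the web GUI options, and the sample accounts are constructed.

```python
from dataclasses import dataclass


@dataclass
class Account:
    # Hypothetical field names modelled on the web GUI options in this section.
    name: str
    active: bool          # "Account Active"
    sip_server: str       # empty when the account is not registered to any PBX
    local_sip_port: int   # 5060 for Account 1, 5062 for Account 2
    transport: str        # "UDP", "TCP" or "TLS"
    uri_scheme: str       # "sip" or "sips"


def audit(accounts, disable_direct_ip_call):
    """Return one finding per setting that departs from the recommendations."""
    findings = []
    if not disable_direct_ip_call:
        findings.append('Call Features: "Disable Direct IP Call" is not "Yes"')
    for a in accounts:
        if not a.active:
            continue
        if not a.sip_server:
            findings.append(f"{a.name}: unused account still active on local SIP port {a.local_sip_port}")
            continue
        if a.transport.upper() != "TLS":
            findings.append(f"{a.name}: SIP transport is {a.transport}, signaling is not encrypted")
        elif a.uri_scheme.lower() != "sips":
            findings.append(f'{a.name}: TLS with "{a.uri_scheme}" URI scheme, use "sips"')
    return findings


# Constructed sample data: state after a factory reset with only Account 1 in use.
FACTORY_DEFAULT = [
    Account("Account 1", True, "pbx.example.com", 5060, "UDP", "sip"),
    Account("Account 2", True, "", 5062, "UDP", "sip"),
]
# Constructed sample data: the same phone after applying the settings above.
HARDENED = [
    Account("Account 1", True, "pbx.example.com", 5060, "TLS", "sips"),
    Account("Account 2", False, "", 5062, "UDP", "sip"),
]

if __name__ == "__main__":
    for line in audit(FACTORY_DEFAULT, disable_direct_ip_call=False):
        print("FINDING:", line)
    print("hardened findings:", audit(HARDENED, disable_direct_ip_call=True))
```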
GXP Security Guide