Security For Sip Accounts And Calls; Protocols And Ports; Figure 6 : Configure Tls As Sip Transport; Figure 7 : Sip Tls Settings - Grandstream Networks GXP21 Series Security Manual

SECURITY FOR SIP ACCOUNTS AND CALLS

Protocols and Ports

By default, after a factory reset, all the accounts are active. Knowing the default local SIP port (Account1:
5060; Account2 : 5062 ... ) users can make direct IP call even if the accounts are not registered to any PBX.
Therefore, it is recommended to disable the unused ports. Under Web GUI → Accounts → Account X →
General Settings → Account Active: "No"
➢ Users can also disable Direct IP calls on all ports under Settings → Call Features: Set "Disable
Direct IP Call:" to "Yes"
•
SIP transport protocol:
The GXP supports SIP transport protocol "UDP" "TCP" and "TLS". By default, it's set to "UDP". It's
recommended to use "TLS" so the SIP signaling is encrypted. SIP transport protocol can be configured
per Account under web UI → Accounts → Account X → SIP Settings → Basic Settings. When "TLS"
is used, we recommend using "sips" instead of "sip" for SIP URI scheme to ensure the entire SIP
transaction is secured instead of "best-effort".
SIP TLS certificate, private key and password can be configured under Maintenance → Security Settings
→ Security page:

Figure 6 : Configure TLS as SIP Transport

Figure 7 : SIP TLS Settings

GXP Security Guide
P a g e | 7