Figure 10: Additional Sip Tls Settings - Grandstream Networks GAC2500 Security Manual

When SIP TLS is used, the GAC2500 also offers additional configurations to check domain certificate
and validate certificate chain. These settings can be found under web UI → Account → Account x →
SIP Settings.
Check Domain Certificate:
-
If enabled, the GAC2500 will check the domain certificate when TLS/TCP is used for SIP transport.
The default setting is "No".
Validate Certification Chain:
-
If enabled, the GAC2500 will validate server's certification chain when TLS/TCP is used for SIP
transport. The default setting is "No".
•
Local SIP port when using UDP/TCP:
Starting from 5060 for account 1, the port numbers increase by 2 for account x. For example, 5062 is
the default local SIP port for account 2, 5064 for account 3, etc. The local SIP port can be configured
under Account→SIP Settings for each SIP account.
•
Local SIP port when using TLS:
The SIP TLS port is the UDP SIP port plus 1. For example, if account 1's SIP port is 5060, its TLS port
would be 5061.
Figure 9: Additional SIP TLS Settings
GAC2500 Security Guide
P a g e | 10