When SIP TLS is used, the GAC2500 also offers additional configurations to check domain certificate
and validate certificate chain. These settings can be found under web UI → Account → Account x →
SIP Settings.
Check Domain Certificate:
-
If enabled, the GAC2500 will check the domain certificate when TLS/TCP is used for SIP transport.
The default setting is "No".
Validate Certification Chain:
-
If enabled, the GAC2500 will validate server's certification chain when TLS/TCP is used for SIP
transport. The default setting is "No".
•
Local SIP port when using UDP/TCP:
Starting from 5060 for account 1, the port numbers increase by 2 for account x. For example, 5062 is
the default local SIP port for account 2, 5064 for account 3, etc. The local SIP port can be configured
under Account→SIP Settings for each SIP account.
•
Local SIP port when using TLS:
The SIP TLS port is the UDP SIP port plus 1. For example, if account 1's SIP port is 5060, its TLS port
would be 5061.
Figure 9: Additional SIP TLS Settings
GAC2500 Security Guide
P a g e
|
10