Configuring TLS Server Certificate Expiry Check; Configuring Firewall Rules - AudioCodes Mediant 4000 SBC User Manual


CHAPTER 14    Security
When a user connects to the secured Web interface of the device:
- If the user has a client certificate from a CA that is listed in the Trusted Root Certificate file, the connection is accepted and the user is prompted for the system password.
- If both the CA certificate and the client certificate appear in the Trusted Root Certificate file, the user is not prompted for a password (thus providing a single-sign-on experience; the authentication is performed using the X.509 digital signature).
- If the user does not have a client certificate from a listed CA or does not have a client certificate, the connection is rejected.

Configuring TLS Server Certificate Expiry Check

You can configure the TLS Server Certificate Expiry Check feature per TLS Context, whereby the
device periodically checks the validity date of installed TLS server certificates. You can also
configure the device to send an SNMP alarm (acCertificateExpiryAlarm) a user-defined number
of days before the installed TLS server certificate is to expire. The alarm indicates the TLS Context
to which the certificate belongs.
To configure TLS certificate expiry checks and notification:
1. Open the TLS Contexts table (see Configuring TLS Certificate Contexts).
2. Select the required TLS Context index row, and then click the Change Certificate link located below the table; the Change Certificates page appears.
3. Scroll down the page to the TLS Expiry Settings group.
4. In the 'TLS Expiry Check Start' field, enter the number of days before the installed TLS server certificate expires at which the device sends an SNMP trap event to notify of this.
5. In the 'TLS Expiry Check Period' field, enter the interval (in days) at which the device checks the TLS server certificate expiry date. By default, the device checks the certificate every 7 days.
6. Click the Submit TLS Expiry Settings button.
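
The following added example (not part of the AudioCodes manual and not device code) models how the 'TLS Expiry Check Start' and 'TLS Expiry Check Period' values interact. It assumes the alarm can only be raised when a periodic check runs; the function names and dates are constructed for illustration.

```python
from datetime import date, timedelta

def first_alarm(not_after, first_check, start_days, period_days):
    """Date of the first periodic check that finds the certificate within
    start_days of expiry, and the days left on that date (negative means the
    certificate has already expired). Assumed model: the alarm is raised only
    when a periodic check runs."""
    if start_days < 0 or period_days < 1:
        raise ValueError("start_days must be >= 0 and period_days >= 1")
    check = first_check
    while (not_after - check).days > start_days:
        check += timedelta(days=period_days)
    return check, (not_after - check).days

def worst_case_notice(start_days, period_days, not_after=date(2030, 6, 30)):
    """Smallest warning (in days) over every alignment of the check schedule
    with the expiry date. not_after is a constructed sample date."""
    # Start the schedule early enough that the first check is always
    # outside the alarm window, then shift it one day at a time.
    anchor = not_after - timedelta(days=start_days + 2 * period_days)
    return min(
        first_alarm(not_after, anchor + timedelta(days=phase),
                    start_days, period_days)[1]
        for phase in range(period_days)
    )

if __name__ == "__main__":
    # Constructed settings: (TLS Expiry Check Start, TLS Expiry Check Period)
    for start, period in [(3, 7), (7, 7), (14, 7), (30, 1)]:
        notice = worst_case_notice(start, period)
        verdict = "alarm can arrive after expiry" if notice <= 0 else "ok"
        print(f"start={start:>2}d period={period}d "
              f"worst-case notice={notice:>3}d  {verdict}")
```

Under this model the guaranteed notice is Start minus Period plus one day, so a Start value no larger than the check Period leaves little or no warning before the certificate expires.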

Configuring Firewall Rules

The Firewall table lets you configure up to 500 firewall rules, which define network traffic filtering
rules (access list) for incoming (ingress) traffic. The access list offers the following firewall
possibilities:
- Block traffic from known malicious sources
- Allow traffic only from known "friendly" sources, and block all other traffic
- Mix allowed and blocked network sources

The process of installing a client certificate on your PC is beyond the scope of this document. For more information, refer to your operating system documentation and/or consult with your security administrator.

The root certificate can also be loaded through the device's Automatic Provisioning mechanism, using the HTTPSRootFileName ini file parameter.

You can enable the device to check whether a peer's certificate has been revoked by an OCSP server per TLS Context (see Configuring TLS Certificate Contexts).
