Configuring Tcp-Udp Proxy Servers - AudioCodes Mediant 4000 SBC User Manual

CHAPTER 16 Services
Parameter
SSL
'TLS Context'
tls-context
[HTTPLocation_
TLSContext]
'Verify Certificate'
verify-cert
[HTTPLocation_
VerifyCertificate]

Configuring TCP-UDP Proxy Servers

The TCP/UDP Proxy Servers table lets you configure up to 10 TCP/UDP proxy servers. This table
allows you to configure the device as a proxy for other applications that are not based on HTTP. For
example, it can be used to intermediate between clients and a DNS server for DNS lookup or
between clients and an NTP server for clock synchronization.
The following procedure describes how to configure a TCP-UDP Proxy Server through the Web
interface. You can also configure it through ini file [TcpUdpServer] or CLI (configure network
> http-proxy > tcp-udp-server).
➢
To configure a TCP/UDP Proxy Server:
1. Open the TCP/UDP Proxy Servers table (Setup menu > IP Network tab > HTTP Proxy folder
> TCP/UDP Proxy Servers).
2. Click New; the following dialog box appears:
Assigns a TLS Context for the TLS connection with the HTTP
location.
To configure TLS Contexts, see
Contexts.
Note:
■ The parameter is applicable only if the connection protocol is
HTTPS (configured in the 'Upstream Scheme' parameter,
above).
■ The NGINX directives for this parameter are "proxy_ssl_
certificate", "proxy_ssl_certificate_key", "proxy_ssl_ciphers",
"proxy_ssl_protocols", and "proxy_ssl_password_file".
Enables TLS certificate verification when the connection with the
location is based on HTTPS. It verifies the certificate of the
incoming connection request from the Upstream Group.
■ [0] No = (Default) No certificate verification is done.
■ [1] Yes = The device verifies the authentication of the certificate
received from the HTTPS location. The device authenticates the
certificate against the trusted root certificate store associated
with the assigned TLS Context (see 'TLS Context' parameter
above) and if ok, allows communication with the HTTPS
location. If authentication fails, the device denies communication
(i.e., handshake fails). The device can also authenticate the
certificate by querying with an Online Certificate Status Protocol
(OCSP) server whether the certificate has been revoked. This is
also configured for the associated TLS Context.
Note:
■ The parameter is applicable only if the connection protocol is
HTTPS (configured in the 'Upstream Scheme' parameter,
above).
■ The NGINX directive for this parameter is "proxy_ssl_verify".
- 269 -
Mediant 4000 SBC | User's Manual
Description
Configuring TLS Certificate