Allo.com STM User Manual

SIP treatment management
Summary of Contents for Allo.com STM

  • Page 2: User Manual

    User Manual ALLO STM Appliance (aSTM) Version 2.0...
  • Page 3: Table Of Contents

    Table of Contents: 1. Introduction, p. 1; 1.1. Overview, p. 1; 1.2. STM Deployment Considerations, p. 3; 2. Initial Setup & Configuration, p. 4; 2.2. Default Configuration, p. 4; 2.3. Accessing the WebUI, p. 5; 2.4. WebUI Session timeout, p. 7; 2.5. WebUI Settings ...
  • Page 4 6.4. Traceroute, p. 23; 6.5. Troubleshooting, p. 23; 6.6. Firmware Upgrade, p. 24; 6.7. Logs Archive, p. 24...
  • Page 5: Introduction

    1. Introduction 1.1. Overview: Allo STM is an appliance-based VoIP threat prevention solution dedicated to protecting SIP-based PBX, telecom gateway, IP phone and mobile device deployments. The appliance runs real-time Deep Packet Inspection on the SIP traffic to identify VoIP attack vectors and prevent threats from impacting the SIP-based devices.
  • Page 6: Technical Specifications

    STM- Introduction
      • Web/SSL-based device management access, which allows the device to be managed from anywhere via the Cloud.
      • Ability to restrict device management access to a specific IP/network.
      • Option to log system status and security events to a remote syslog server.
  • Page 7: STM Deployment Considerations

    Some PBX/Gateway devices may have an exclusive LAN/Mgmt interface for device management, separate from the Data Interface (also referred to as the WAN/Public Interface). In such cases, the LAN port of the STM should be connected to the Data Interface (WAN/Public Interface).
  • Page 8: Initial Setup & Configuration

    Some PBX/Gateway devices may have an exclusive LAN/Mgmt interface for device management, separate from the Data Interface (also referred to as the WAN/Public Interface). In such cases, the LAN port of the STM should be connected to the Data Interface (aka WAN/Public Interface).
  • Page 9: Accessing The WebUI

    Verify the address using the ‘show ip’ command. Then use this IP address to access the WebUI/SSH and configure the device further. On launching the STM WebUI, the web application will prompt for the administrator credentials to log in. User Manual v2.0...
  • Page 10 ‘login’ appearing on the information page, to visit the login page again. If somebody is already logged in to an STM WebUI session, subsequent login attempts will show the details of the previous login session as illustrated below and will prompt the user either to override the previous session and continue or to discard the login attempt.
  • Page 11: WebUI Session Timeout

    STM – Initial Setup 2.4 WebUI Session timeout After logging into the WebUI, if there is no activity for the WebUI session timeout period (by default, the WebUI session timeout is set to 900 seconds), the login session will be terminated automatically and the browser will be redirected to the login page again.
  • Page 12: Dashboard

    On logging into the STM WebUI, the dashboard will be shown. The user can visit the dashboard page from any configuration page in the STM WebUI by clicking the STM Product Icon that appears in the left corner of the top panel.
  • Page 13: Configuring The Device

    STM- Device Configuration 3. Configuring the Device The configuration pages of the STM WebUI have been made self-intuitive and easy to configure. All the configuration pages work with the two-phase commit model. Note: The two-phase commit model is not applicable to time settings and signature update settings.
  • Page 14: General Settings

    . The page also allows enabling or disabling SSH access to the device. The ‘Allow ICMP’ option configures whether or not the device responds to ICMP ping messages sent to STM appliances.
  • Page 15: Time Settings

    3.3. Management Access Access to STM device management (SSH CLI / WebUI access) can be restricted with the management access filters. By default, access is allowed to any global address and to the management VLAN network configured on the device. The administrator can override these settings.
  • Page 16: Signature Update

    Note: When the user buys the STM appliance, the device is shipped with the SIP signatures that help protect against the SIP-based attacks known as of that date. However, if the user wants to ensure that his/her SIP deployments are protected against newer attack vectors, it is recommended to enable the signature update on the device.
  • Page 17: Logging

    3.5. Logging The administrator can configure the STM appliance to send the security alerts generated on detecting SIP-based attacks to a remote syslog server. The logging page allows enabling or disabling remote logging of security alerts and setting the syslog server to which the security alerts are forwarded.
  • Page 18: Configuring The Sip Security Policies

    The possible actions that the STM can execute are: log the alert, block the packets containing the attack vector, and blacklist the IP for the given duration. The blocking duration, that is, how long the attacker IP needs to be blocked, is also configured per category.
  • Page 19 STM- SIP Security Policies The table given below lists the SIP Deep Packet Inspection rule categories supported in STM and the configuration parameters in each category.
    Category | Possible Actions | User Configurable options
    SIP Reconnaissance Attacks | Log the alert/Block the attack/Blacklist attacker IP...
  • Page 20: Firewall Rules

    Messages/Duration
    SIP Anomaly attacks | Log the alert/Block the attack/Blacklist attacker IP
    SIP Buffer overflow attacks | Log the alert/Block the attack/Blacklist attacker IP
    SIP Cross site scripting | Log the alert/Block the attack/Blacklist attacker IP
    Party vendor | Log the alert/Block the...
  • Page 21: White List Rules

    4.4. White list Rules This page allows configuring the whitelisted IP addresses in the untrusted WAN zone from which the STM firewall will allow communication with the protected SIP network. This page also allows configuring whether the whitelist rules take precedence over the blacklist rules (both static and dynamic) configured on the device at any instant.
  • Page 22: Dynamic Blacklist Rules

    4.6. Dynamic Blacklist Rules The dynamic blacklist rules are the blocking rules added by the STM SIP Deep Packet Inspection engine, on detecting an attack, to block the traffic from attacker IP addresses for the blocking duration configured in the rules category.
  • Page 23: Geo Ip Filter

    4.7. Geo IP Filter The administrator can choose to block traffic originating from specific countries towards the protected SIP network by configuring the GeoIP filter rules in STM User Manual v2.0 www.allo.com...
  • Page 24: Status

    5. Status 5.1. Security Alerts The status alerts page shows the list of alerts pertaining to the SIP attacks detected by the STM SIP Deep Packet Inspection engine at any instant. The administrator can choose to set the log viewer page refresh interval on this page.
  • Page 25: Device Administration

    6.2. Diagnostics The diagnostics page allows the administrator to gather the troubleshooting logs, which will help the Allo Support team in debugging any issues faced with the STM deployment setup.
  • Page 26: Ping

    The administrator can troubleshoot network connectivity issues by running ping from the STM device. The administrator needs to enter the IP address to be pinged from the STM appliance and the ping count, then click the ‘Ping’ button to run the task. The ping results will be displayed in the text area once the ping task is complete.
  • Page 27: Traceroute

    The administrator needs to enter the IP address to which the route is to be traced from the STM appliance and the hop count, then click the ‘Traceroute’ button to run the task. The traceroute results will be displayed in the text area once the traceroute task is complete.
  • Page 28: Firmware Upgrade

    6.7. Logs Archive If a USB storage device is attached to the STM, the device will attempt to archive older logs on the USB storage device. Summary information on the logs stored in the archive will be shown on the Logs Archive page.
  • Page 29 STM- Device Administration Thanks for choosing Allo STM. For any technical assistance, kindly raise a support ticket at http://support.allo.com/