CHAPTER 14 Security
Mediant 1000 Gateway & E-SBC | User's Manual
● When a TLS connection with the device is initiated by a SIP client, the device also
responds using TLS, regardless of whether or not TLS was configured.
● The device regulates the number of new concurrent TLS connections that can be
established per second. This protects the device from flooding (avalanches) of new
TLS connections, which may be caused by TLS-based malicious attacks or
distributed denial-of-service (DDoS) attacks.
➢ To configure SIPS:
1. Configure a TLS Context as required (see Configuring TLS Certificate Contexts).
2. Assign the TLS Context to a Proxy Set or SIP Interface (see Configuring Proxy Sets and
Configuring SIP Interfaces, respectively).
3. Configure a SIP Interface with a TLS port number.
4. Configure various SIPS parameters in the Security Settings page (Setup menu > IP Network
tab > Security folder > Security Settings).
For a description of the TLS parameters, see TLS Parameters.
5. By default, the device initiates a TLS connection only for the next network hop. To enable TLS
all the way to the destination (over multiple hops), configure the 'SIPS' (EnableSIPS)
parameter to Enable on the Transport Settings page (Setup menu > Signaling & Media tab >
SIP Definitions folder > Transport Settings):