Parameter Description
TCP Keepalive Enable
[SIPInterface_TCPKeep
aliveEnable]
CLI: tcp-keepalive-
enable
Enables the TCP Keep-Alive mechanism with the IP entity on this SIP
interface. TCP keepalive can be used, for example, to keep a NAT entry
open for clients located behind a NAT server or simply to check that the
connection to the IP entity is available.
[0] No (default)
[1] Yes
Note: For configuring TCP keepalive, use the following ini file
parameters: TCP TCPKeepAliveTime, TCPKeepAliveInterval, and
TCPKeepAliveRetry.
Classification Failure
Response Type
[SIPInterface_Classific
ationFailureResponseT
ype]
CLI:
classification_fail_respon
se_type
Defines the SIP response code that the device sends if a received SIP
request (OPTIONS, REGISTER, or INVITE) has failed the classification
process.
The valid value can be a SIP response code from 400 through 699, or it
can be set to 0 to not send any response at all. The default response
code is 500 (Server Internal Error).
This feature is important for preventing Denial of Service (DoS) attacks,
typically initiated from the WAN. Malicious attackers can use SIP
scanners to detect ports used by SIP devices. These scanners scan
devices by sending UDP packets containing a SIP request to a range of
specified IP addresses, listing those that return a valid SIP response.
Once the scanner finds a device that supports SIP, it extracts information
from the response and identifies the type of device (IP address and
name) and can execute DoS attacks. A way to defend the device against
such attacks is to not send a SIP reject response to these unclassified
"calls" so that the attacker assumes that no device exists at such an IP
address and port.
Note: This parameter is applicable only if the device is set to reject
unclassified calls. This is configured using the 'Unclassified Calls'
parameter on the General Settings page (Configuration tab > VoIP
menu > SBC > General Settings).
19.3 Configuring IP Groups
The IP Group Table page allows you to create up to 32 IP Groups. The IP Group
represents a SIP entity on the network with which the device communicates. This can be a
server (e.g., IP PBX or ITSP) or it can be a group of users (e.g., LAN IP phones). For
servers, the IP Group is typically used to define the server's IP address by associating it
with a Proxy Set (see 'Configuring Proxy Sets Table' on page 219).
For the SBC application, this table can also be used to classify incoming SIP dialog-
initiating requests (e.g., INVITE messages) to specific IP Groups based on the associated
Proxy Set ID. However, it is highly recommended to use the Classification table for
classifying incoming SIP dialogs to the IP Groups (see 'Configuring Classification Rules' on
page 462). See the 'Classify by Proxy Set' parameter below for a detailed description of
this feature and for important recommendations.
For the SBC application, IP Groups are used for IP-to-IP routing rules where they represent
the source and destination of the call (see 'Configuring SBC IP-to-IP Routing' on page
468).
For the Gateway/IP-to-IP application, IP Groups are used for the following:
To Next Page
Loading...
