SECURITY GUIDELINES FOR GXV3370 DEPLOYMENT
Often times the GXV3370s are deployed behind NAT. The network administrator can consider following
security guidelines for the GXV3370 to work properly and securely.
• Turn off SIP ALG on the router
On the customer’s router, it’s recommended to turn off SIP ALG (Application Layer Gateway). SIP ALG
is common in many routers intending to prevent some problems caused by router firewalls by inspecting
VoIP packets and modifying it if necessary. Even though SIP ALG intends to prevent issues for VoIP
devices, it can be implemented imperfectly causing problems, especially in some cases SIP ALG
modifies SIP packets improperly which might cause VoIP devices fail to register or establish calls.
• Use TLS and SRTP for SIP calls
On the GXV3370, it’s recommended to use TLS for SIP transport with “sips” in SIP URL scheme for
SIP signaling encryption, and use SRTP for media encryption. Below table lists all the SIP ports and
RTPs port used on the GXV3370 if the network administrator needs to create firewall rules.
To Next Page
Loading...
Need help?
General
