Snom 4S manual Challenging, Trusted Addresses, Maximum Packet Size


[ SNOM 4S NAT FILTER ]

Unfortunately, only a small percentage of existing user agents deal properly with this situation. When you turn the flag on, the filter will only let the first 2xx response pass through to the user agent. Subsequent 2xx responses will be blocked by the filter; instead the filter will send an ACK to the response and immediately terminate the dialog with a BYE message. This is the behaviour of most user agents when receiving multiple 2xx. However, if you are sure that the user agents in your network handle multiple 2xx properly and implement a different behaviour, you should turn this behaviour off.

4.3.9 Challenging

Challenging inside a dialog may be problematic when the call destination does not have any credentials for the system. In this case, it may for example not be able to disconnect a call (BYE gets challenged). Therefore, the SBC may omit the challenging if the setting Challenge Inside Dialog is set to off.

Challenging every request may cause almost double packet traffic on the SBC for registrations. It gives you the maximum security, but in most situations it is reasonable to challenge only the requests that will be forwarded to the registrar. The setting Challenge Refresh Registrations controls this behaviour.

4.3.10 Trusted Addresses

The list of Trusted IP Addresses is used when sensitive information is extracted from SIP packets. For example, the filter may get an explicit hint on how long the conversation may last at most. If a user agent were allowed to send this information itself, it could easily bypass AAA and make telephone calls even when the prepaid card has expired. If you list the IP addresses of your proxies, you can enhance the security significantly.
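The trust check described above can be sketched as follows. This is an added example, not code from the manual or from snom: the header name `X-Max-Session-Time`, the function names and all addresses are assumptions made for illustration. It decides on the packet's transport source address, never on addresses claimed inside the message such as Via.

```python
import ipaddress

# Hypothetical header name: the manual does not say which SIP header carries
# the maximum-session-time hint, so this one is made up for the example.
HINT_HEADER = "x-max-session-time"

# Constructed sample: an INVITE whose Via claims to come from the proxy.
SAMPLE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.0.2.10\r\n"
          "X-Max-Session-Time: 600\r\n"
          "\r\n")
TRUSTED = ["192.0.2.10", "198.51.100.0/28"]   # constructed proxy list

def parse_headers(message: str) -> dict:
    """Return SIP headers (lower-cased names) from the part before the body."""
    head = message.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:          # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            # first occurrence wins, so a later duplicate cannot override it
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def is_trusted(src_ip: str, trusted: list) -> bool:
    """True if the packet's transport source address is in the trusted list."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(net) for net in trusted)

def session_limit(src_ip: str, message: str, trusted: list, default: int) -> int:
    """Seconds the call may last: honour the hint only from trusted senders."""
    if not is_trusted(src_ip, trusted):
        return default                          # hint from a user agent: ignored
    raw = parse_headers(message).get(HINT_HEADER, "")
    if not (raw.isascii() and raw.isdigit()):
        return default                          # absent or malformed hint
    return int(raw)

if __name__ == "__main__":
    for src in ("192.0.2.10", "203.0.113.5"):
        print(src, session_limit(src, SAMPLE, TRUSTED, 3600))
```

The second address in the demo loop is outside the trusted list, so the hint in the message is ignored and the default limit applies even though the Via header names the proxy.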

4.3.11 Maximum Packet Size

The Max MTU tells the filter what the maximum packet size should be. Typically, on Ethernet networks, packets with more than 1492 bytes payload cannot be transported without splitting them up into several packets. As described in the hide routing feature, this can lead to big problems in today’s DSL networks.


snom technology AG • 37
