[ SNOM 4S NAT FILTER ]

If the packet was already authenticated or was internally generated, further processing of the packet can start.

If the request is a REGISTER request and the registration is still valid, the packet is forwarded for further processing. This behaviour can be disabled with the “Challenge Refresh Registrations” setting.

If the packet belongs to an existing call and is not the initial INVITE, the packet is forwarded for further processing. This behaviour can be disabled with the “Challenge Inside Dialog” setting.

If the packet comes from a trusted IP address, the following checks are performed. If the request comes directly from a UA (there is exactly one Via header), the packet is forwarded for further processing. In this case the SBC will insert a P-Asserted-Identity header. If the packet contains more than one Via header, the packet is forwarded for further processing only if the P-Asserted-Identity header is already present. In this case, the SBC will overwrite the header with the present value of the From header.

If the request method is ACK or CANCEL, the packet is forwarded for further processing. Note that in this case the SBC does not insert a P-Asserted-Identity header.

The SBC then looks at the user and host part of the From-header of the request URI. If that pair is not present in the authentication cache, it requests that pair from the application server and stops processing the request until the answer is available. If more messages arrive for the same user/host pair while this request is outstanding, they are queued until the answer from the application server is available. When the answer to the application server request is available, the packet is processed again from the beginning of this algorithm.

If the user/host pair is present in the authentication cache, the SBC will check whether the packet contains the correct answer to a challenge. Note that typically, the first time a request is processed, this is not the case and the packet gets challenged with a newly allocated nonce. If this check succeeds, the SBC adds a P-Asserted-Identity header to the request and forwards it for further processing.

Otherwise, it will allocate a new nonce and challenge the request. The nonce represents a question that can only be answered by the shared secret, the password of that user/host pair. The nonce will expire after one hour and is deleted when the question is answered
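
The order of the checks described above, written out as an added example (not code from this manual or from the product). The Request and Settings fields are hypothetical simplifications; the sketch assumes that switching on either "Challenge ..." setting removes the corresponding shortcut, and that a request relayed from a trusted address without a P-Asserted-Identity header falls through to the remaining checks.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    FORWARD = "forward unchanged"
    FORWARD_PAI = "forward, SBC sets P-Asserted-Identity"
    LOOKUP = "query application server, queue request"
    CHALLENGE = "challenge with a new nonce"

@dataclass
class Request:  # hypothetical, simplified view of one SIP request
    method: str
    from_user: str
    from_host: str
    source_ip: str
    via_count: int = 1
    has_pai: bool = False
    pre_authenticated: bool = False   # already authenticated or internally generated
    registration_valid: bool = False  # REGISTER for a still-valid registration
    in_dialog: bool = False           # existing call, not the initial INVITE
    answers_challenge: bool = False   # correct answer to an outstanding nonce

@dataclass
class Settings:  # assumed polarity: True disables the shortcut
    trusted_ips: frozenset = frozenset()
    challenge_refresh_registrations: bool = False
    challenge_inside_dialog: bool = False

def decide(req, cfg, auth_cache):
    # Checks run in the order the text gives them; the first match wins.
    if req.pre_authenticated:
        return Action.FORWARD
    if (req.method == "REGISTER" and req.registration_valid
            and not cfg.challenge_refresh_registrations):
        return Action.FORWARD
    if req.in_dialog and not cfg.challenge_inside_dialog:
        return Action.FORWARD
    if req.source_ip in cfg.trusted_ips:
        if req.via_count == 1 or req.has_pai:
            return Action.FORWARD_PAI  # inserted, or overwritten from the From header
        # Assumption: relayed request without the header falls through.
    if req.method in ("ACK", "CANCEL"):
        return Action.FORWARD  # no P-Asserted-Identity inserted here
    if (req.from_user, req.from_host) not in auth_cache:
        return Action.LOOKUP   # decide() runs again once the pair is cached
    if req.answers_challenge:
        return Action.FORWARD_PAI
    return Action.CHALLENGE
```

Running a capture of real traffic through such a model shows which requests reach the next stage without ever being challenged, which is the set to review when choosing trusted addresses and the two "Challenge ..." settings.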

Snom 4S manual Snom technology AG