manualshive.com logo in svg

Dinstar SBC1000, User Manual

Share
Download
Dinstar SBC1000 User Manual Download Page 58

                                                                                                                                                     

3 Configurations on Web Interface 

 

SBC1000 Session Border Controller 

Copyright©2011-2018 Dinstar     

52 

 

 

Figure 3-31 IP Security Strategy 

Click 

to add a strategy to prevent attacks from other IP addresses. Click 

  to delete a strategy, while 

click 

  to modify the strategy. 

 

Figure 3-32 Add IP Security Strategy 

Table 3-29 IP Security Strategy 

Time Limiting 

The validity time of the IP security strategy. When the validity time expires, the strategy 

needs to be retriggered, otherwise it will not takes effect.   

Index 

The greater digit, the lower priority 

Description 

The description of the IP security strategy. It cannot be modified after the strategy has been 

successfully added. 

Detection 

Remote IP: when the packet traffic sent by remote IP exceeds the configured traffic threshold 

(KBPS) or the CPU usage exceeds the configured threshold, SBC1000 will execute the preset 

action.       

Local  port:  when  the  packet  traffic  received  by  local  port  exceeds  the  configured  traffic 

threshold (KBPS) or the CPU usage exceeds the configured threshold, SBC1000 will execute 

the preset action.       

CPU Usage 

The CPU usage rate 

If this parameter is null, it means CPU usage is not a condition for triggering security strategy.     

Traffic

KBPS

 

The  maximum packet traffic sent by the peer IP or received by local port. If this threshold is 

surpassed, SBC1000 will execute the configured action on the packets.   

Summary of Contents for SBC1000

Page 1: ...V1 0 Shenzhen Dinstar Co Ltd Address 9th Floor Guoxing Building Changxing Road Nanshan District Shenzhen China Postal Code 518052 Telephone 86 755 61919966 Fax 86 755 26456659 Emails sales dinstar co...

Page 2: ...ut how to install configure or use it Please read the manual carefully before installing it Intended Audience This manual is primarily aimed at the following people Users Engineers who install configu...

Page 3: ......

Page 4: ...all Control 5 Maintenance 6 Environmental 6 2 Installation 7 2 1 Preparations before Installation 7 Attentions for Installation 7 Preparations about Installation Site 7 Installation Tools 8 Unpacking...

Page 5: ...22 Media Detection 22 CDR 22 Number Profile 23 Time Profile 24 Rate Limit 25 Black White List 25 Codec Profile 27 Number Manipulation 28 Number Pool 29 SIP Header Manipulation 30 SIP Header Passthrou...

Page 6: ...ession Border Controller Copyright 2011 2018 Dinstar V Backup Restore 61 License 62 Certificate 62 3 7 Maintenance 62 Login Log 62 Operation Log 63 Security Log 63 Log Management 64 Tools 64 4 Abbrevi...

Page 7: ...star SBC1000 provides rich SIP based services such as safe network access robust security system interconnectivity flexible session routing policy management QoS media transcoding and media processing...

Page 8: ...s initialized successfully and is running normally Fast flash for two times with interval of 1s Image file is upgraded successfully Fast Flashing 200ms Image file fails to be upgraded Other Statuses T...

Page 9: ...list black list QoS static route NAT traversal Import export of remote upgrade and configuration data Encrypted sessions through SRTP and SIP over TLS User friendly web interface multiple management w...

Page 10: ...ion 25 registrations per second SIP Trunks 128 SIP trunks at maximum VoIP SIP 2 0 compliant UDP TCP TLS SIP trunk Peer to peer SIP trunk Access SIP registrations B2BUA Back to Back User Agent SIP Requ...

Page 11: ...Dynamic Buffer Security Prevention of DoS and DDos attacks Control of access policies Policy based anti attacks Call Security with TLS SRTP White List Black List Access Rule List Embedded VoIP Firewa...

Page 12: ...eport and CDR Export Ping and Tracert Network Capture System Logs Statistics and Reports Multiple Languages Centralized Management System Remote Web and Telnet Environmental Redundant Power Supply 100...

Page 13: ...s a three pin socket which should be grounded well It s suggested that personnel who has experience or who has received related training be responsible for installing and maintaining SBC1000 Please we...

Page 14: ...etwork cables One grounding cable One serial console cable Flanks and screws 2 2 Installtion of SBC1000 Put SBC1000 into Shelf Put the SBC1000 device on the shelf or cabinet horizontally Connect SBC10...

Page 15: ...wn brown Step3 Put the wires into the PINs of a RJ45 joint according to the abovementioned wire sequence of EIA TIA 568B and then use a wire crimper to crimp the RJ45 joint Step4 On the other end of t...

Page 16: ...twork connection failure according to the following steps Step1 In case that the network cable is inserted into one of the service ports please pull out the network cable and insert it into the Admin...

Page 17: ...t the first time that the SBC1000 device is put in use please connect the device s Admin port to a PC by using a network cable and then modify the IP address of the PC to make it at the same network s...

Page 18: ...C and log into the Web interface of the device and then enable GE0 GE1 GE2 and GE3 ports on the Security Access Control page Log in Web Interface Open a web browser and enter the IP address of the Adm...

Page 19: ...on interfaces Click a button of the main menu bar and select a node of the navigation tree on the left you will see a detailed display interface or configuration interface Figure 3 3 Structure of Web...

Page 20: ...on Flow System Status Log into the Web interface and the System Status page is displayed On the page call statistics and its graphic device information MCU Main Control Unit status as well as general...

Page 21: ...age of answered telephone calls with respect to the total call volume ASR answered call total attempts of calls RPS Registrations Per Second The number of new requests for registrations every second a...

Page 22: ...f the license is in its validity period Valid will be displayed If the license has expired Invalid is shown License Expires The remaining time of license validity Current Time The current time of SBC1...

Page 23: ...evice is booted up Note Calls are grouped into inbound calls and outbound calls Inbound calls go from terminal users to SBC1000 while outbound calls are exactly the opposite Inbound calls and outbound...

Page 24: ...ed by the access SIP trunk since the device is booted up Registered The total number of users that are successfully registered to SBC1000 by the help of the access SIP trunk and are still in validity...

Page 25: ...r of users that are successfully registered to SBC1000 by the help of the core SIP trunk and are still in validity period ASR The ASR of the core SIP trunk since the device is booted up ASR successful...

Page 26: ...If the RTP port is displayed as 0 it means the RTP session has not been connected successfully Duration s The duration of the call Name The name of the call which will be used when the call goes thro...

Page 27: ...AT IP Addr NAT source the IP address and NAT address of terminal user IP Addr NAT destination the IP address and NAT address of core network s SIP trunk Attack List On the Overview Attack List page th...

Page 28: ...ceived by the set local port are dropped during the protection time Protection Time The duration of the action conducted on attack source 3 4 Service Media Detection On the Service Media Detection pag...

Page 29: ...rt The SIP port through which the CDR server receives CDRs Transport The transport protocol adopted to transport CDRs which can be UDP or TCP Format The coded format of CDRs which only supports json c...

Page 30: ...llee number matches the set prefix the call will be passed to choose a specific route Time Profile On the Service Time Profile page you can set a time period for calls to choose routes If the local ti...

Page 31: ...f the rate limit rule RPS The maximum number of registrations that is allowed per second CPS The maximum number of calls that is allowed per second Max Concurrent Calls The maximum number of concurren...

Page 32: ...st Table 3 16 Blacklist Whitelist Blacklist Group The name of the blacklist It cannot be modified after the blacklist group is added successfully Whitelist Group The name of the whitelist It cannot be...

Page 33: ...modified after the codec group has been added successfully Description The description of the codec group Max Packetizing Time The maximum packetizing time that the codec group supports Codec SBC1000...

Page 34: ...3 20 Configure Number Manipulation Rule Table 3 18 Number Manipulation Rule Name The name of this manipulation rule It cannot be modified after the manipulation rule has been added successfully Descr...

Page 35: ...callee number can match one of the rules set in the Condition parameter the original number will be changed into the one set in the Replaced By parameter Replaced By If a caller callee number can matc...

Page 36: ...rule Caller Callee Number Prefix If the prefix here is matched with a caller callee number the caller callee number will be randomly replaced by a number from the pool Start Number The starting numbe...

Page 37: ...peration The operation rule will be applied when the set condition is met For example when the set value meets the source ID in Request Line the actions add modify or remove will be conducted on the d...

Page 38: ...e content with is the content which is from the designated header of original SIP message SIP Header Passthrough On the Service SIPHeader Passthrough page you can configure one or more SIP Header Pass...

Page 39: ...e passing through these two SIP headers as they might conflict with the configurations of SBC1000 2 The following SIP heads are not allowed to be passed through Network To From Contact Cseq Max Forwar...

Page 40: ...has been added successfully Description The description of the access network Interface The interface of the access network It can be eth0 eth1 eth2 or eth3 Transport Protocol Select a transport proto...

Page 41: ...ess network Please refer to 3 4 6 If no black list and white list are selected for the access network all calls are allowed to go through the access network Inbound Manipulation Select a number manipu...

Page 42: ...sages Disable INVITE request and 1xx response sent out by SBC1000 will not include 100rel tag by default Support INVITE request and 1xx response sent out by SBC1000 will include 100rel tag in Supporte...

Page 43: ...REQUEST URI of INVITE message is extracted as callee number SIP Methods Configure the SIP request methods that can be accepted by the access network If a SIP request method is not enabled the system w...

Page 44: ...unk Interface The SBC1000 device s Ethernet interface configured to connect the access SIP trunk It can be eth0 eth1 eth2 eth3 or VLAN Transport Select a transport protocol for the access SIP trunk It...

Page 45: ...ease refer to 3 4 8 and 3 4 9 DTMF DTMF is short for Dual Tone Multi Frequency There are three DTMF modes including SIP Info Inband RFC2833 If the DTMF mode of an access SIP trunk differs from that of...

Page 46: ...s If Supported is selected SBC1000 will send reinvite messages to keep activating sessions within the configured duration If no messages are detected within the configured duration sessions will be co...

Page 47: ...E message is extracted as caller number Display the DISPLAY field of FROM header of INVITE message is extracted as caller number Callee From User the USER field of TO header of INVITE message is extra...

Page 48: ...3 Configurations on Web Interface SBC1000 Session Border Controller Copyright 2011 2018 Dinstar 42...

Page 49: ...s contained in SIP messages sent out by SBC1000 will be turned into the outbound IP address of public network If NAT is enabled you need to fill in the outbound IP address of public network Rate Limit...

Page 50: ...trunk successfully the status of the SIP trunk will be True If the peer device fails to register or does not register to the SIP trunk the status of the SIP trunk will be Flase Registration When Serv...

Page 51: ...er device supports 100rel it will send the PRACK request to acknowledge the response From Header It can be Local Domain or Peer Domain Local Domain is the default value Remote media send addresses Loc...

Page 52: ...trunks and then set a strategy backup or load balance for choosing which truck will be used under a trunk group when a call comes in Figure 3 27 Configure SIP Trunk Group Table 3 25 SIP Trunk Group Na...

Page 53: ...unk Name The name of the access SIP trunk or core SIP trunk included in the trunk group 2 Call Routing Figure 3 28 Call Routing Table 3 26 Call Routing Index The index of the route which determines th...

Page 54: ...IP URL from callee can be any Source Type The source of the call routed by the route If the source of a call is access network or access SIP trunk the destination can only be core SIP trunk If the sou...

Page 55: ...is a kind of DDOS attack It can send a mass of ICMP packets to attack the SBC1000 device If this parameter is enabled the device will drop those packets whose transmission rate exceeds the configured...

Page 56: ...ce crash If this parameter is enabled the device will drop those packets whose transmission rate exceeds the configured value of peak PPS Packet Per Second the range of the peak PPS is from 1 to 1000...

Page 57: ...select the checkbox on the right of GE0 GE1 GE2 or GE3 it means the selected port is allowed to access the Web interface of SBC1000 By default GE0 GE1 GE2 and GE3 are not allowed to access the Web in...

Page 58: ...curity strategy It cannot be modified after the strategy has been successfully added Detection Remote IP when the packet traffic sent by remote IP exceeds the configured traffic threshold KBPS or the...

Page 59: ...ng the limitation time Packet Rate Limited when the security strategy is triggered and takes effect the packet rate of peer IP address or the set local port is limited and those packets whose traffics...

Page 60: ...vice name certification network port mapping static routes username password as well as time zone current time You can also upgrade software versions backup or restore configuration data and update li...

Page 61: ...k On the System Network page you can configure the IP address Subnet mask gateway and DNS server You can also add VLAN on the page Figure 3 37 Network Port Figure 3 38 Modify Port Information Click to...

Page 62: ...t or VLAN with the highest priority The smaller digit the higher priority Network Mode The way for network port Admin GE0 GE1 GE2 and GE3 to get its IP address Currently SBC1000 only supports static I...

Page 63: ...in local area network such as 5060 Transport Protocol Choose TCP UDP or TCP UDP Internal host interface The mapped interface of the SBC1000 device in local area network Internal host IP address The ma...

Page 64: ...te Mask The netmask of the static route such as 255 255 255 0 Interface The source interface of the static route such as GE0 GE1 GE2 and GE3 Nexthop The next hop address namely the router address pass...

Page 65: ...r which is used to log in the SBC1000 device Password The password for the user to log in the SBC1000 device Confirm Confirm the password Password Strength The security strength of the password Role A...

Page 66: ...tion where the device is placed Synchronize Time If the current time of SBC1000 is wrong and the device fails to synchronize with a NTP server you can synchronize the current time to that of the PC wh...

Page 67: ...ta including service configurations network configurations and license certificate After the configuration data is restored the SBC1000 device will automatically restart Figure 3 47 Backup Restore Tab...

Page 68: ...d The SBC1000 device will not accept registrations and calls after the license expires Figure 3 48 License Information Certificate On the System Certificate page you need to upload a certificate to en...

Page 69: ...carried out on the Web interface can be queried on the Maintenance Operation Log page You are allowed to set query criteria to view the logs that you want Figure 3 51 Operation Log Security Log The l...

Page 70: ...ctions for using Ping 1 Enter the IP address or domain name of a network a website or a device in the input box of Ping and then click Ping 2 If related messages are received it means the network work...

Page 71: ...sion Border Controller Copyright 2011 2018 Dinstar 65 4 Abbreviation SBC Session Border Controller SIP Session Initiation Protocol DTMF Dual Tone Multi Frequency NAT Network Address Translation VLAN V...

Reviews:

No comments

Brands by name

Popular brands

Load more brands