manualshive.com logo in svg

Dinstar SBC300, User Manual

Share
Download
Dinstar SBC300 User Manual Download Page 55

                                                                                                                                                     

3 Configurations on Web Interface 

 

SBC300 Session Border Controller 

Copyright©2011-2018 Dinstar     

49 

 

3.5 

Security   

In the 

Security 

section, you can configure the system security strategies, anti-attack strategies and access control 

strategies.   

System 

System security is mainly used to prevent SBC300 from being attacked by various DOS/DDOS floods, so as to 

ensure stable running of the device.   

 

Figure 3-29 System Security 

Table 3-27 System Security 

Attack Log 

If ‘Attack Log’ is enabled and SBC300 is attacked, the device will record 

the  attack  in  logs  which  can  be  viewed  on  the 

Maintenance 

Log 

Security Log

 page. 

ICMP-Flood 

ICMP-Flood is a kind of DDOS attack. It can send a mass of ICMP packets 

to attack the SBC300 device.   

If  this  parameter  is  enabled,  the  device  will  drop  those  packets  whose 

transmission  rate  exceeds  the  configured  value  of  peak  PPS(Packet Per 

Second); the range of the peak PPS is from 1 to 1000. 

PING of Death 

If this parameter is enabled, the SBC300 device will not give response to 

the  PING  request  sent  by  devices  in  public  network.  It  is  disabled  by 

default. 

UDP-Flood 

UDP-Flood is a kind of DDOS attack. It can send a mass of UDP packets 

to attack the SBC300 device.   

If  this  parameter  is  enabled,  the  device  will  drop  those  packets  whose 

transmission rate exceeds the configured  value of peak PPS (Packet  Per 

Second); the range of the peak PPS is from 1 to 1000. 

TCP-NULL 

TCP NULL is a scan to determine if ports are closed on the target device. 

Summary of Contents for SBC300

Page 1: ...V1 0 Shenzhen Dinstar Co Ltd Address 9th Floor Guoxing Building Changxing Road Nanshan District Shenzhen China Postal Code 518052 Telephone 86 755 61919966 Fax 86 755 26456659 Emails sales dinstar com...

Page 2: ...ut how to install configure or use it Please read the manual carefully before installing it Intended Audience This manual is primarily aimed at the following people Users Engineers who install configu...

Page 3: ......

Page 4: ...l Control 5 Maintenance 6 Environmental 6 2 Installation 7 2 1 Preparations before Installation 7 Attentions for Installation 7 Preparations about Installation Site 7 Installation Tools 7 Unpacking 8...

Page 5: ...2 Number Profile 23 Time Profile 24 Rate Limit 25 Black White List 25 Codec Profile 27 Number Manipulation 28 Number Pool 29 SIP Header Manipulation 30 SIP Header Passthrough 32 Access Network 33 Acce...

Page 6: ...Border Controller Copyright 2011 2018 Dinstar V Double device Hot Standby 62 License 62 Certificate 62 3 7 Maintenance 63 Login Log 63 Operation Log 63 Security Log 63 Log Management 64 Tools 64 4 Ab...

Page 7: ...vices such as safe network access robust security system interconnectivity flexible session routing policy management QoS media transcoding and media processing for enterprises With distributed multi...

Page 8: ...essfully and is running normally Fast flash for two times with interval of 1s Image file is upgraded successfully Fast Flashing 200ms Image file fails to be upgraded Other Statuses The device is in ab...

Page 9: ...tacks Prevention of address spoofing prevention of illegal SIP RTP packages Bandwidth limitation and dynamic white list black list Bandwidth limitation and dynamic white list black list VLAN QoS stati...

Page 10: ...tions Maximum SIP registrations 3000 CPS for Registration 20 registrations per second SIP Trunks 128 SIP trunks at maximum VoIP SIP 2 0 compliant UDP TCP TLS SIP trunk Peer to peer SIP trunk Access SI...

Page 11: ...ence Suppression Comfort Noise Voice Activity Detection VAD Echo Cancellation G 168 128ms Adaptive Dynamic Buffer Security Prevention of DoS and DDos attacks Control of access policies Policy based an...

Page 12: ...or Configurations Configurations Restore Backup HTTP Firmware Upgrade CDR Report and CDR Export Ping and Tracert Network Capture System Logs Statistics and Reports Multiple Languages Centralized Manag...

Page 13: ...s suggested that personnel who has experience or who has received related training be responsible for installing and maintaining SBC300 Please wear ESD wrist strap when installing SBC300 Please do no...

Page 14: ...300 to Network SBC300 has five network ports namely the gigabit network port for services from GE0 to GE3 and the gigabit network port for network management Admin It is advised to connect GE0 GE1 GE2...

Page 15: ...n the following figure Wire sequence of 568A white green green white orange blue white blue orange white brown brown Step5 Put the wires into the PINs of a RJ45 joint according to the abovementioned w...

Page 16: ...network cable and insert it into one of the service ports If the indicator for the corresponding service port is on it can be concluded that the Admin port is faulty Step2 If the corresponding indicat...

Page 17: ...At the first time that the SBC300 device is put in use please connect the device s Admin port to a PC by using a network cable and then modify the IP address of the PC to make it at the same network s...

Page 18: ...and log into the Web interface of the device and then enable GE0 GE1 GE2 and GE3 ports on the Security Access Control page Log in Web Interface Open a web browser and enter the IP address of the Admi...

Page 19: ...n interfaces Click a button of the main menu bar and select a node of the navigation tree on the left you will see a detailed display interface or configuration interface Figure 3 3 Structure of Web I...

Page 20: ...n Flow System Status Log into the Web interface and the System Status page is displayed On the page call statistics and its graphic device information MCU Main Control Unit status as well as general i...

Page 21: ...age of answered telephone calls with respect to the total call volume ASR answered call total attempts of calls RPS Registrations Per Second The number of new requests for registrations every second a...

Page 22: ...f the license is in its validity period Valid will be displayed If the license has expired Invalid is shown License Expires The remaining time of license validity Current Time The current time of SBC3...

Page 23: ...device is booted up Note Calls are grouped into inbound calls and outbound calls Inbound calls go from terminal users to SBC300 while outbound calls are exactly the opposite Inbound calls and outbound...

Page 24: ...ted by the access SIP trunk since the device is booted up Registered The total number of users that are successfully registered to SBC300 by the help of the access SIP trunk and are still in validity...

Page 25: ...er of users that are successfully registered to SBC300 by the help of the core SIP trunk and are still in validity period ASR The ASR of the core SIP trunk since the device is booted up ASR successful...

Page 26: ...If the RTP port is displayed as 0 it means the RTP session has not been connected successfully Duration s The duration of the call Name The name of the call which will be used when the call goes thro...

Page 27: ...T IP Addr NAT source the IP address and NAT address of terminal user IP Addr NAT destination the IP address and NAT address of core network s SIP trunk Attack List On the Overview Attack List page the...

Page 28: ...ceived by the set local port are dropped during the protection time Protection Time The duration of the action conducted on attack source 3 4 Service Media Detection On the Service Media Detection pag...

Page 29: ...t The SIP port through which the CDR server receives CDRs Transport The transport protocol adopted to transport CDRs which can be UDP or TCP Format The coded format of CDRs which only supports json cu...

Page 30: ...llee number matches the set prefix the call will be passed to choose a specific route Time Profile On the Service Time Profile page you can set a time period for calls to choose routes If the local ti...

Page 31: ...f the rate limit rule RPS The maximum number of registrations that is allowed per second CPS The maximum number of calls that is allowed per second Max Concurrent Calls The maximum number of concurren...

Page 32: ...t Table 3 16 Blacklist Whitelist Blacklist Group The name of the blacklist It cannot be modified after the blacklist group is added successfully Whitelist Group The name of the whitelist It cannot be...

Page 33: ...modified after the codec group has been added successfully Description The description of the codec group Max Packetizing Time The maximum packetizing time that the codec group supports Codec SBC300 s...

Page 34: ...3 20 Configure Number Manipulation Rule Table 3 18 Number Manipulation Rule Name The name of this manipulation rule It cannot be modified after the manipulation rule has been added successfully Descri...

Page 35: ...callee number can match one of the rules set in the Condition parameter the original number will be changed into the one set in the Replaced By parameter Replaced By If a caller callee number can matc...

Page 36: ...rule Caller Callee Number Prefix If the prefix here is matched with a caller callee number the caller callee number will be randomly replaced by a number from the pool Start Number The starting numbe...

Page 37: ...peration The operation rule will be applied when the set condition is met For example when the set value meets the source ID in Request Line the actions add modify or remove will be conducted on the d...

Page 38: ...e content with is the content which is from the designated header of original SIP message SIP Header Passthrough On the Service SIPHeader Passthrough page you can configure one or more SIP Header Pass...

Page 39: ...e passing through these two SIP headers as they might conflict with the configurations of SBC300 2 The following SIP heads are not allowed to be passed through Network To From Contact Cseq Max Forward...

Page 40: ...has been added successfully Description The description of the access network Interface The interface of the access network It can be eth0 eth1 eth2 or eth3 Transport Protocol Select a transport proto...

Page 41: ...ess network Please refer to 3 4 6 If no black list and white list are selected for the access network all calls are allowed to go through the access network Inbound Manipulation Select a number manipu...

Page 42: ...ages Disable INVITE request and 1xx response sent out by SBC300 will not include 100rel tag by default Support INVITE request and 1xx response sent out by SBC300 will include 100rel tag in Supported h...

Page 43: ...REQUEST URI of INVITE message is extracted as callee number SIP Methods Configure the SIP request methods that can be accepted by the access network If a SIP request method is not enabled the system w...

Page 44: ...runk Interface The SBC300 device s Ethernet interface configured to connect the access SIP trunk It can be eth0 eth1 eth2 eth3 or VLAN Transport Select a transport protocol for the access SIP trunk It...

Page 45: ...ease refer to 3 4 8 and 3 4 9 DTMF DTMF is short for Dual Tone Multi Frequency There are three DTMF modes including SIP Info Inband RFC2833 If the DTMF mode of an access SIP trunk differs from that of...

Page 46: ...ons If Supported is selected SBC300 will send reinvite messages to keep activating sessions within the configured duration If no messages are detected within the configured duration sessions will be c...

Page 47: ...E message is extracted as caller number Display the DISPLAY field of FROM header of INVITE message is extracted as caller number Callee From User the USER field of TO header of INVITE message is extra...

Page 48: ...3 Configurations on Web Interface SBC300 Session Border Controller Copyright 2011 2018 Dinstar 42...

Page 49: ...contained in SIP messages sent out by SBC300 will be turned into the outbound IP address of public network If NAT is enabled you need to fill in the outbound IP address of public network Rate Limit T...

Page 50: ...trunk successfully the status of the SIP trunk will be True If the peer device fails to register or does not register to the SIP trunk the status of the SIP trunk will be Flase Registration When Serv...

Page 51: ...device supports 100rel it will send the PRACK request to acknowledge the response From Header It can be Local Domain or Peer Domain Local Domain is the default value Remote media send addresses Lock w...

Page 52: ...runks and then set a strategy backup or load balance for choosing which truck will be used under a trunk group when a call comes in Figure 3 27 Configure SIP Trunk Group Table 3 25 SIP Trunk Group Nam...

Page 53: ...nk Name The name of the access SIP trunk or core SIP trunk included in the trunk group 2 Call Routing Figure 3 28 Call Routing Table 3 26 Call Routing Index The index of the route which determines the...

Page 54: ...IP URL from callee can be any Source Type The source of the call routed by the route If the source of a call is access network or access SIP trunk the destination can only be core SIP trunk If the sou...

Page 55: ...is a kind of DDOS attack It can send a mass of ICMP packets to attack the SBC300 device If this parameter is enabled the device will drop those packets whose transmission rate exceeds the configured...

Page 56: ...ce crash If this parameter is enabled the device will drop those packets whose transmission rate exceeds the configured value of peak PPS Packet Per Second the range of the peak PPS is from 1 to 1000...

Page 57: ...select the checkbox on the right of GE0 GE1 GE2 or GE3 it means the selected port is allowed to access the Web interface of SBC300 By default GE0 GE1 GE2 and GE3 are not allowed to access the Web int...

Page 58: ...ecurity strategy It cannot be modified after the strategy has been successfully added Detection Remote IP when the packet traffic sent by remote IP exceeds the configured traffic threshold KBPS or the...

Page 59: ...g the limitation time Packet Rate Limited when the security strategy is triggered and takes effect the packet rate of peer IP address or the set local port is limited and those packets whose traffics...

Page 60: ...vice name certification network port mapping static routes username password as well as time zone current time You can also upgrade software versions backup or restore configuration data and update li...

Page 61: ...k On the System Network page you can configure the IP address Subnet mask gateway and DNS server You can also add VLAN on the page Figure 3 37 Network Port Figure 3 38 Modify Port Infomation Click to...

Page 62: ...t or VLAN with the highest priority The smaller digit the higher priority Network Mode The way for network port Admin GE0 GE1 GE2 and GE3 to get its IP address Currently SBC300 only supports static IP...

Page 63: ...r TCP UDP Remote Interface The interface of the client in the wide area network which is to visit the SBC300 device in local area network1 Remote Port Number The port of the client in the wide area ne...

Page 64: ...te Mask The netmask of the static route such as 255 255 255 0 Interface The source interface of the static route such as GE0 GE1 GE2 and GE3 Nexthop The next hop address namely the router address pass...

Page 65: ...er which is used to log in the SBC300 device Password The password for the user to log in the SBC300 device Confirm Confirm the password Password Strength The security strength of the password Role Ad...

Page 66: ...ation where the device is placed Synchronize Time If the current time of SBC300 is wrong and the device fails to synchronize with a NTP server you can synchronize the current time to that of the PC wh...

Page 67: ...ta including service configurations network configurations and license certificate After the configuration data is restored the SBC300 device will automatically restart Figure 3 47 Backup Restore Tabl...

Page 68: ...ing provided by SBC300 will not be interrupted in case that one of the SBC300 devices malfunctions License On the System License page the license information including license beginning time license e...

Page 69: ...criteria to view the logs that you want Figure 3 50 Login Log Operation Log The logs tracing the operations carried out on the Web interface can be queried on the Maintenance Operation Log page You ar...

Page 70: ...ilable network ports PING Ping is used to examine whether a network works normally through sending test packets and calculating response time Instructions for using Ping 1 Enter the IP address or doma...

Page 71: ...Dinstar 65 Step2 View the route information from the returned message Network Capture On the following interface you can capture data packages of the available network ports You can also set source I...

Page 72: ...sion Border Controller Copyright 2011 2018 Dinstar 66 4 Abbreviation SBC Session Border Controller SIP Session Initiation Protocol DTMF Dual Tone Multi Frequency NAT Network Address Translation VLAN V...

Page 73: ...4 Abbreviation SBC300 Session Border Controller Copyright 2011 2018 Dinstar 67...

Reviews:

No comments

Brands by name

Popular brands

Load more brands