manualshive.com logo in svg

Dinstar SBC3000, User Manual

Share
Download
Dinstar SBC3000 User Manual Download Page 28

                                                                                                                                                     

3 Configurations on Web Interface 

 

SBC3000 Session Border Controller 

Copyright©2011-2018 Dinstar     

22 

 

during the protection time.     

Packet Rate Limited

: when the security policy is triggered and takes effect, the packet 

rate of peer IP address or the set local port is limited, and those packets with exceeding 

transmission rate are dropped during the protection time.     

Drop

: when the security policy is triggered and takes effect, all the packets from peer IP 

address and those received by the set local port are dropped during the protection time.     

Protection Time 

The duration of the action conducted on attack source     

3.4 

Service 

Media Detection   

On the 

Service 

 Media Detection

 page, you can choose to enable/disable ‘Use called to match sessions’ and ‘RTP 

Detection’. If ‘RTP Detection’ is enabled, the SBC3000 device will monitor the RTP packets of each call and will 
disconnect the call after it finds that no RTP packets are sent or received during the detection time.     

 

Figure 3-12 Media Detection 

CDR 

On the

 Service 

CDR

 page, the CDR server defaults to ‘Disabled’, and you need to enable it to do corresponding 

configurations.     

 

Figure 3-13 Configure CDR Server   

Summary of Contents for SBC3000

Page 1: ...V1 0 Shenzhen Dinstar Co Ltd Address 9th Floor Guoxing Building Changxing Road Nanshan District Shenzhen China Postal Code 518052 Telephone 86 755 61919966 Fax 86 755 26456659 Emails sales dinstar co...

Page 2: ...ut how to install configure or use it Please read the manual carefully before installing it Intended Audience This manual is primarily aimed at the following people Users Engineers who install configu...

Page 3: ......

Page 4: ...l Control 5 Maintenance 5 Environmental 6 2 Installation 7 2 1 Preparations before Installation 7 Attentions for Installation 7 Preparations about Installation Site 7 Installation Tools 8 Unpacking 8...

Page 5: ...22 Media Detection 22 CDR 22 Number Profile 23 Time Profile 24 Rate Limit 25 Black White List 25 Codec Profile 27 Number Manipulation 28 Number Pool 29 SIP Header Manipulation 30 SIP Header Passthrou...

Page 6: ...ession Border Controller Copyright 2011 2018 Dinstar V Backup Restore 60 License 61 Certificate 61 3 7 Maintenance 62 Login Log 62 Operation Log 62 Security Log 63 Log Management 63 Tools 63 4 Abbrevi...

Page 7: ...tar SBC3000 provides rich SIP based services such as safe network access robust security system interconnectivity flexible session routing policy management QoS media transcoding and media processing...

Page 8: ...itialized successfully and is running normally Fast flash for two times with interval of 1s Image mirror file is upgraded successfully Fast Flashing 200ms Image mirror file fails to be upgraded Other...

Page 9: ...ta Encrypted sessions through SRTP and SIP over TLS User friendly web interface multiple management ways Support SIP protocols including UDP TCP and TLS Support multiple codecs G 711A U G 723 1 G 729A...

Page 10: ...TLS SIP trunk Peer to peer SIP trunk Access SIP registrations B2BUA Back to Back User Agent SIP Request rate limiting SIP registration rate limiting SIP registration scan attack detection SIP call sc...

Page 11: ...tacks Call Security with TLS SRTP White List Black List Access Rule List Embedded VoIP Firewall Call Control Dynamic load balancing and call routing Flexible routing engine Call routing based on prefi...

Page 12: ...ogs Statistics and Reports Multiple Languages Centralized Management System Remote Web and Telnet Environmental Redundant Power Supply 100 240VAC 50 60 Hz Power Consumption 15w Operating Temperature 0...

Page 13: ...s a three pin socket which should be grounded well It s suggested that personnel who has experience or who has received related training be responsible for installing and maintaining SBC3000 Please we...

Page 14: ...One 1 8 meter long of power wire AC 250V 4A Two network cables One grounding cable One serial console cable Mounting ears and screws 2 2 Installtion of SBC3000 Put SBC3000 into Shelf 1 Put the SBC300...

Page 15: ...ble according to EIA TIA 568B Standard as shown in the following figure Wire sequence of 568B white orange orange white green blue white blue green white brown brown Step3 Put the wires into the PINs...

Page 16: ...into the GE0 port If the indicator for the GE0 port is on it can be concluded that the GE1 port is faulty In case that the network cable is inserted into the GE0 port please pull out the network cable...

Page 17: ...connect the device s GE1 port to a PC by using a network cable and then modify the IP address of the PC to make it at the same network segment with of the default IP address of the GE1 port The forma...

Page 18: ...nd log into the Web interface of the device and then enable GE0 on the Security Access Control page Log in Web Interface Open a web browser and enter the IP address of the Admin port of SBC3000 https...

Page 19: ...on interfaces Click a button of the main menu bar and select a node of the navigation tree on the left you will see a detailed display interface or configuration interface Figure 3 3 Structure of Web...

Page 20: ...ration Flow System Status Log into the Web interface and the System Status page is displayed On the page call statistics and its graphic device information MCU Main Control Unit status as well as gene...

Page 21: ...age of answered telephone calls with respect to the total call volume ASR answered call total attempts of calls RPS Registrations Per Second The number of new requests for registrations every second a...

Page 22: ...license is in its validity period Valid will be displayed If the license has expired Invalid is shown License Expires The remaining time of license validity Current Time The current time of SBC3000 wh...

Page 23: ...evice is booted up Note Calls are grouped into inbound calls and outbound calls Inbound calls go from terminal users to SBC3000 while outbound calls are exactly the opposite Inbound calls and outbound...

Page 24: ...e access SIP trunk since the device is booted up Registered The total number of users that are successfully registered to SBC3000 by the help of the access SIP trunk and are still in validity period N...

Page 25: ...r of users that are successfully registered to SBC3000 by the help of the core SIP trunk and are still in validity period ASR The ASR of the core SIP trunk since the device is booted up ASR successful...

Page 26: ...If the RTP port is displayed as 0 it means the RTP session has not been connected successfully Duration s The duration of the call Name The name of the call which will be used when the call goes thro...

Page 27: ...AT IP Addr NAT source the IP address and NAT address of terminal user IP Addr NAT destination the IP address and NAT address of core network s SIP trunk Attack List On the Overview Attack List page th...

Page 28: ...ceived by the set local port are dropped during the protection time Protection Time The duration of the action conducted on attack source 3 4 Service Media Detection On the Service Media Detection pag...

Page 29: ...rt The SIP port through which the CDR server receives CDRs Transport The transport protocol adopted to transport CDRs which can be UDP or TCP Format The coded format of CDRs which only supports json c...

Page 30: ...llee number matches the set prefix the call will be passed to choose a specific route Time Profile On the Service Time Profile page you can set a time period for calls to choose routes If the local ti...

Page 31: ...f the rate limit rule RPS The maximum number of registrations that is allowed per second CPS The maximum number of calls that is allowed per second Max Concurrent Calls The maximum number of concurren...

Page 32: ...st Table 3 16 Blacklist Whitelist Blacklist Group The name of the blacklist It cannot be modified after the blacklist group is added successfully Whitelist Group The name of the whitelist It cannot be...

Page 33: ...modified after the codec group has been added successfully Description The description of the codec group Max Packetizing Time The maximum packetizing time that the codec group supports Codec SBC3000...

Page 34: ...3 20 Configure Number Manipulation Rule Table 3 18 Number Manipulation Rule Name The name of this manipulation rule It cannot be modified after the manipulation rule has been added successfully Descr...

Page 35: ...callee number can match one of the rules set in the Condition parameter the original number will be changed into the one set in the Replaced By parameter Replaced By If a caller callee number can matc...

Page 36: ...rule Caller Callee Number Prefix If the prefix here is matched with a caller callee number the caller callee number will be randomly replaced by a number from the pool Start Number The starting numbe...

Page 37: ...peration The operation rule will be applied when the set condition is met For example when the set value meets the source ID in Request Line the actions add modify or remove will be conducted on the d...

Page 38: ...e content with is the content which is from the designated header of original SIP message SIP Header Passthrough On the Service SIPHeader Passthrough page you can configure one or more SIP Header Pass...

Page 39: ...e passing through these two SIP headers as they might conflict with the configurations of SBC3000 2 The following SIP heads are not allowed to be passed through Network To From Contact Cseq Max Forwar...

Page 40: ...has been added successfully Description The description of the access network Interface The interface of the access network It can be eth0 eth1 eth2 or eth3 Transport Protocol Select a transport proto...

Page 41: ...ess network Please refer to 3 4 6 If no black list and white list are selected for the access network all calls are allowed to go through the access network Inbound Manipulation Select a number manipu...

Page 42: ...sages Disable INVITE request and 1xx response sent out by SBC3000 will not include 100rel tag by default Support INVITE request and 1xx response sent out by SBC3000 will include 100rel tag in Supporte...

Page 43: ...REQUEST URI of INVITE message is extracted as callee number SIP Methods Configure the SIP request methods that can be accepted by the access network If a SIP request method is not enabled the system w...

Page 44: ...unk Interface The SBC3000 device s Ethernet interface configured to connect the access SIP trunk It can be eth0 eth1 eth2 eth3 or VLAN Transport Select a transport protocol for the access SIP trunk It...

Page 45: ...ease refer to 3 4 8 and 3 4 9 DTMF DTMF is short for Dual Tone Multi Frequency There are three DTMF modes including SIP Info Inband RFC2833 If the DTMF mode of an access SIP trunk differs from that of...

Page 46: ...s If Supported is selected SBC3000 will send reinvite messages to keep activating sessions within the configured duration If no messages are detected within the configured duration sessions will be co...

Page 47: ...E message is extracted as caller number Display the DISPLAY field of FROM header of INVITE message is extracted as caller number Callee From User the USER field of TO header of INVITE message is extra...

Page 48: ...3 Configurations on Web Interface SBC3000 Session Border Controller Copyright 2011 2018 Dinstar 42...

Page 49: ...s contained in SIP messages sent out by SBC3000 will be turned into the outbound IP address of public network If NAT is enabled you need to fill in the outbound IP address of public network Rate Limit...

Page 50: ...trunk successfully the status of the SIP trunk will be True If the peer device fails to register or does not register to the SIP trunk the status of the SIP trunk will be Flase Registration When Serv...

Page 51: ...er device supports 100rel it will send the PRACK request to acknowledge the response From Header It can be Local Domain or Peer Domain Local Domain is the default value Remote media send addresses Loc...

Page 52: ...trunks and then set a strategy backup or load balance for choosing which truck will be used under a trunk group when a call comes in Figure 3 27 Configure SIP Trunk Group Table 3 25 SIP Trunk Group Na...

Page 53: ...unk Name The name of the access SIP trunk or core SIP trunk included in the trunk group 2 Call Routing Figure 3 28 Call Routing Table 3 26 Call Routing Index The index of the route which determines th...

Page 54: ...IP URL from callee can be any Source Type The source of the call routed by the route If the source of a call is access network or access SIP trunk the destination can only be core SIP trunk If the sou...

Page 55: ...is a kind of DDOS attack It can send a mass of ICMP packets to attack the SBC3000 device If this parameter is enabled the device will drop those packets whose transmission rate exceeds the configured...

Page 56: ...EE TCP XMAS TREE can send TCP packets with special tag to detect which ports are open on the target device If this parameter is enabled SBC3000 will drop those TCP packages and the peer device cannot...

Page 57: ...resses Click to delete a strategy while click to modify the strategy Figure 3 32 Add IP Security Strategy Table 3 29 IP Security Strategy Time Limiting The validity time of the IP security strategy Wh...

Page 58: ...d and takes effect the attack event is recorded in a log Flow Limited when the security strategy is triggered and takes effect the traffic of peer IP address or the set local port is limited and those...

Page 59: ...vice name certification network port mapping static routes username password as well as time zone current time You can also upgrade software versions backup or restore configuration data and update li...

Page 60: ...k On the System Network page you can configure the IP address Subnet mask gateway and DNS server You can also add VLAN on the page Figure 3 37 Network Port Figure 3 38 Modify Port Information Click to...

Page 61: ...or VLAN with the highest priority The smaller digit the higher priority Network Mode The way for network port GE0 and GE1 to get its IP address Currently SBC3000 only supports static IP address IP add...

Page 62: ...or TCP UDP Remote Interface The interface of the client in the wide area network which is to visit the SBC3000 device in local area network1 Remote Port Number The port of the client in the wide area...

Page 63: ...domain of the static route Mask The netmask of the static route such as 255 255 255 0 Interface The source interface of the static route such as GE0 and GE1 Next Hop The next hop address namely the r...

Page 64: ...d User List On the System User Manager User List page the administrator can add the users that are allowed to log in the Web interface specify their roles and allocate permissions to them Figure 3 43...

Page 65: ...ns or modify part of the configurations Observer has the permission to view existing configurations but cannot delete or modify them Date Time On the System Date Time page you can set a new time zone...

Page 66: ...gure 3 45 Software Upgrade The version file used for upgrade is generally named as 2 90 x x ldf Please do not use other products version files to upgrade the SBC3000 device Figure 3 46 Mirror Upgrade...

Page 67: ...gurations of the SBC3000 device will become factory settings License On the System License page the license information including license beginning time license expiry time maximum concurrent calls ma...

Page 68: ...the logins of the SBC3000 device can be viewed on the Maintenance Login Log page You are allowed to set query criteria to view the logs that you want Figure 3 50 Login Log Operation Log The logs traci...

Page 69: ...et query criteria to view the logs that you want Figure 3 52 System Log Log Management On the Maintenance Log Management page you can set the log level to filter logs and can export the logs of differ...

Page 70: ...the network works normally otherwise the network is not connected or is connected faultily Traceroute Traceroute is used to determine a route from one IP address to another Instruction for using Trac...

Page 71: ...sion Border Controller Copyright 2011 2018 Dinstar 65 4 Abbreviation SBC Session Border Controller SIP Session Initiation Protocol DTMF Dual Tone Multi Frequency NAT Network Address Translation VLAN V...

Reviews:

No comments

Brands by name

Popular brands

Load more brands