SECURITY FOR SIP ACCOUNTS AND CALLS
Protocols and Ports
By default, after a factory reset, all the accounts are active. Knowing the default local SIP ports (Account 1: 5060; Account 2: 5062 …), users can make direct IP calls even if the accounts are not registered to any PBX. Therefore, it is recommended to disable the unused ports: under Web GUI → Accounts → Account X → General Settings, set “Account Active” to “No”.
➢ Users can also disable Direct IP calls on all ports under Settings → Call Features: set “Disable Direct IP Call” to “Yes”.
• SIP transport protocol: The FAP supports the SIP transport protocols “UDP”, “TCP” and “TLS”. By default, it is set to “UDP”. It is recommended to use “TLS” so that the SIP signaling is encrypted. The SIP transport protocol can be configured per account under Web UI → Accounts → Account X → SIP Settings → Basic Settings. When “TLS” is used, we recommend using “sips” instead of “sip” for the SIP URI scheme to ensure the entire SIP transaction is secured instead of “best-effort”.
Figure 6 : Configure TLS as SIP Transport
SIP TLS certificate, private key and password can be configured under Maintenance → Security Settings → Security page:
Figure 7 : SIP TLS Settings
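The recommendations above can be checked as one audit over a recorded snapshot of the settings. This is an added example, not Grandstream code: the field names, finding labels and the host pbx.example.test are assumptions made for illustration, and the sample data is constructed.

```python
# Added example. Field names are hypothetical, not the FAP's configuration keys.
from dataclasses import dataclass

@dataclass
class Account:
    name: str
    active: bool         # "Account Active"
    sip_server: str      # empty = not registered to any PBX
    local_sip_port: int  # e.g. 5060 for Account 1, 5062 for Account 2
    transport: str       # "UDP", "TCP" or "TLS"
    uri_scheme: str      # "sip" or "sips"

def audit(accounts, disable_direct_ip_call):
    """Return (account name, finding) tuples for the settings covered above."""
    findings = []
    for a in accounts:
        if not a.active:
            continue  # already disabled, as recommended for unused accounts
        if not a.sip_server:
            findings.append((a.name, "UNUSED_ACCOUNT_ACTIVE"))
            if not disable_direct_ip_call:
                # Reachable by direct IP call on its local port without a PBX.
                findings.append((a.name, f"DIRECT_IP_REACHABLE:{a.local_sip_port}"))
            continue
        if a.transport.upper() != "TLS":
            findings.append((a.name, "SIGNALING_NOT_ENCRYPTED"))
        elif a.uri_scheme.lower() != "sips":
            findings.append((a.name, "TLS_BEST_EFFORT"))
    return findings

# Constructed sample data: a post-factory-reset style setup and a hardened one.
# pbx.example.test is a placeholder host name.
DEFAULT_LIKE = [
    Account("Account 1", True, "pbx.example.test", 5060, "UDP", "sip"),
    Account("Account 2", True, "", 5062, "UDP", "sip"),
]
HARDENED = [
    Account("Account 1", True, "pbx.example.test", 5060, "TLS", "sips"),
    Account("Account 2", False, "", 5062, "UDP", "sip"),
]

if __name__ == "__main__":
    for name, finding in audit(DEFAULT_LIKE, disable_direct_ip_call=False):
        print(f"{name}: {finding}")
    print("hardened findings:", audit(HARDENED, disable_direct_ip_call=True))
```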
When SIP TLS is used, the FAP also offers additional configurations: