General Security Parameters

The general security parameters are described in the table below.

General Security Parameters

Parameter

Description

Media Latching

'Inbound Media Latch Mode'

configure voip > media settings > inbound-media-latch-mode

[InboundMediaLatchMode]

Enables the Media Latching feature.

[0] Strict = The device is ready to receive (latch on to) media packets, but only if they are from a specific source IP address and UDP port, according to the remote IP address and UDP port in the negotiated SDP of the SIP message.

Note: If the SIP user agent is behind NAT and you have configured the [NATMode] parameter to [4] (NAT By Signaling Restricted IP), even if you have configured the 'Inbound Media Latch Mode' parameter to Strict, the device automatically changes it to Dynamic.

[1] Dynamic = (Default) Device latches on to the first stream. If it receives at least a minimum number of consecutive packets (configured by New<media type>StreamPackets) from a different source(s) and the device has not received packets from the current stream for a user-defined period (TimeoutToRelatch<media type>Msec), it latches on to the next packet received from any other stream. If other packets of a different media type are received from the new stream, based on IP address and SSRC for RTCP/RTP and based on IP address only for T.38, the packet is accepted immediately.

Note: If a packet from the original (first latched onto) IP address:port is received at any time, the device latches on to this stream.

[2] Dynamic-Strict = Device latches onto the first stream. If it receives at least a minimum number of consecutive packets (configured by New<media type>StreamPackets) all from the same source which is different to the first stream and the device has not received packets from the current stream for a user-defined period (TimeoutToRelatch<media type>Msec), it latches on to the next packet received from any other stream. If other packets of different media type are received from the new stream based on IP address and SSRC for RTCP and based on IP address only for T.38, the packet is accepted immediately.

Note: If a packet from the original (first latched onto) IP address:port is received at any time, the device latches on to this stream.

[3] Strict-On-First = Typically used for NAT, where the correct IP address:port is initially unknown. The device latches on to the stream received in the first packet. The device doesn't change this stream unless a packet is later received from the original source.

Note: If you configure the parameter to Strict, the device can't perform NAT traversal. In this setup, configure the [NATMode] parameter to [1].

'New RTP Stream Packets'

[NewRtpStreamPackets]

Defines the minimum number of continuous RTP packets received by the device's channel to allow latching onto the new incoming stream.

The valid range is 0 to 20. The default is 3. If set to 0, the device is left exposed to attacks against multiple packet streams.

'New RTCP Stream Packets'

[NewRtcpStreamPackets]

Defines the minimum number of continuous RTCP packets received by the device's channel to allow latching onto the new incoming stream.

The valid range is 0 to 20. The default is 3. If set to 0, the device is left exposed to attacks against multiple packet streams.

'New SRTP Stream Packets'

[NewSRTPStreamPackets]

Defines the minimum number of continuous SRTP packets received by the device's channel to allow latching onto the new incoming stream.

The valid range is 0 to 20. The default is 3. If set to 0, the device is left exposed to attacks against multiple packet streams.

'New SRTCP Stream Packets'

[NewSRTCPStreamPackets]

Defines the minimum number of continuous SRTCP packets received by the device's channel to allow latching onto the new incoming stream.

The valid range is 0 to 20. The default is 3. If set to 0, the device is left exposed to attacks against multiple packet streams.

'Timeout To Relatch RTP'

[TimeoutToRelatchRTPMsec]

Defines a period (msec) during which if no packets are received from the current RTP session, the channel can re-latch onto another stream.

The valid range is any value from 0. The default is 200.

'Timeout To Relatch SRTP'

[TimeoutToRelatchSRTPMsec]

Defines a period (msec) during which if no packets are received from the current SRTP session, the channel can re-latch onto another stream.

The valid range is any value from 0. The default is 200.

'Timeout To Relatch Silence'

[TimeoutToRelatchSilenceMsec]

Defines a period (msec) during which if no packets are received from the current RTP/SRTP session and the channel is in silence mode, the channel can re-latch onto another stream.

The valid range is any value from 0. The default is 200.

'Timeout To Relatch RTCP'

[TimeoutToRelatchRTCPMsec]

Defines a period (msec) during which if no packets are received from the current RTCP session, the channel can re-latch onto another RTCP stream.

The valid range is any value from 0. The default is 10,000.

'Fax Relay Rx/Tx Timeout'

[FaxRelayTimeoutSec]

Defines a period (sec) during which if no T.38 packets are received or sent from the current T.38 fax relay session, the channel can re-latch onto another stream.

The valid range is 0 to 255. The default is 10.