Using the Custom Passphrase

Once the custom passphrase is defined, it must be kept confidential for security purposes. The same passphrase must be used during both the Backup and Restore procedures in order for the passwords to be encrypted and decrypted successfully.

On Backup (export), the passphrase is used to encrypt the following passwords in an exported configuration file:

  • SIP - Local Pass through Authorization and Remote Authorization tables
  • AD Domain\Controller Password
  • Radius Shared Secret Key
  • IPsec Shared Secret Key

On Restore and Import, these same passwords can then be decrypted by the importing node.

The passphrase will not encrypt the already-encrypted user passwords which are used for Login credentials.

The Restore and Import functions are restricted to the same platform (i.e., restoring a configuration from SBC1000 to SBC2000 or vice versa is not permitted; an error message will display).

Using Custom Passphrase with Backup

When a passphrase is entered during the Backup procedure, the passwords in the downloaded configuration (noted above) are encrypted using the passphrase. If a passphrase is not entered, the passwords are downloaded in their original form and are not usable in a different node.

Using Custom Passphrase with Restore (via WebUI)

The Restore function through the WebUI is normally used to restore a configuration on the same node, or as a way to duplicate the configuration of the source node (which includes IP address and IP routing). When a passphrase is entered, the passwords (noted above) in the imported configuration are decrypted using the passphrase. If a passphrase is not entered, the configuration will not be usable in a different node. If the decryption fails, the restore will continue, but the passwords will be lost and an error message is displayed.

Using Custom Passphrase with Import (via REST)

The Import function through REST is normally used to duplicate the configuration on multiple nodes without changing the node's IP address and IP routing. When a passphrase is entered, the passwords (noted above) in the imported configuration are decrypted using the passphrase. If a passphrase is not entered, the configuration will not be usable in a different node. If the decryption fails, the restore will continue, but the passwords will be lost and an error message is displayed.

Import through REST will not import the Local and Remote Authorization tables to the target node, but Restore will decrypt and restore the local and remote authorization tables on the target node.

 
