Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add_workflow_for_techpubs
AUTH2pmohan
AUTH1sbsarkar
REV5dalves
REV6radaikalam
REV3
REV1

 

Panel
borderColorgreenbgColortransparentborderWidth

In this section:

Table of Contents
maxLevel2

Additional section:
Info
children
icon
styleh6
false

Related articles:

Children Display

Panel

In this section:

Table of Contents
maxLevel2

 

This profile specifies the type and behavior of security mechanism to apply to the Access Solution acting as P-CSCF.

Note
iconfalse
titleNote

When configuring Sip Security Profile on a particular SIP Trunk Group, ensure Authcode Headers transparency flag (see Common Ip Attributes - Transparency Flags) is not enabled on the same Trunk Group.

Excerpt Include
SIP Security Profile - CLI
SIP Security Profile - CLI
nopaneltrue

Include Page
Transparency_Profile_Note
Transparency_Profile_Note

To View Sip Security Profile

On SBC main screen, go to Configuration > Profile Management > Category: Service Profiles >Sip Security Profile.

The Sip Security Profile window is displayed.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile

To Edit Sip Security Profile

To edit any of the Sip Security Profile in the list, click the radio button next to the specific Sip Security Profile name.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile Highlighted

The Edit Selected Sip Security Profile window is displayed below.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile Edit Window

Make the required changes and click Save at the right hand bottom of the panel to save the changes made.

To Create Sip Security Profile

To create a new Sip Security Profile, click New Sip Security Profile tab on the Sip Security Profile List panel.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile Fields

The Create New Sip Security Profile window is displayed.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile Create Window

The following fields are displayed:

Caption
0Table
1SIP Security Profile

Parameter

Description

Name

Specifies the user name of this Security Profile.

Sbx Sec Mode

Use this parameter to define the SBC security mode for this SIP Security Profile. The options are:

  • Sbc-pcscf: SBC acts as integrated SBC+PCSCF mode.
  • Sbc-only: SBC-only mode. SBC disregards the configured security mechanism (ipsec-3gpp or tls) in the profile, if any.

When Sbx Sec Mode is configured as sbc-only, you must configure a Transparency Profile for following headers in an egress trunk group.

Refer to SIP Security Profile - CLI, Command Examples section to know more on how to configure a Transparency Profile.

Refer to P-CSCF Security Mechanisms to know the functionality of this feature.

Force Client
Security

If Enabled, while selecting the Security Mechanism, the precedence is given to the order of occurrence of mechanism-name values in the Security-Client header.

The options are:

  • Disabled (default)
  • Enabled

Reject Sec Unsupported Request

Enable this flag to reject the incoming REGISTER when it does not contain "sec-agree" header value (in Require or Proxy-Require headers) or does not contain any supported mechanism-name (ipsec-3gpp) in "Security-Client" header.
Use default setting "Disabled" to process messages using "Digest without TLS" security mechanism.

  • Disabled (default)
  • Enabled
Encryption Preference

Provides encryption preference for SIP Security Profile.

The available options are:

  • Always-encrypt—Use this option to reject REGISTER requests if the UE offers a NULL encryption algorithm. 
  • None (default)—If this option is configured the SBC compares the UE's offer of encryption algorithms with the list of supported encryption algorithms, and selects the first matched entry in the 401 response for the REGISTER request. The SBC accepts the NULL encryption algorithm if it is the first one in the UE's offer.
  • Null-forced Use this option to enforce NULL encryption irrespective of what encryption algorithm offered by the UE. The SBC acting as a Proxy For Call Session Control Function (P-CSCF) always disables encryption. 

To Delete Sip Security Profile

To delete any of the created Sip Security Profile, click the radio button next to the specific Sip Security Profile which you want to delete.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile Highlighted

Click Delete at the end of the highlighted row. A delete confirmation message appears seeking your decision.

Caption
0Figure
1Profile Management - Service Profiles - Sip Security Profile Delete Confirmation

Click Yes to remove the specific Sip Security Profile from the list.

 

Pagebreak