  1. Choose VoIP.
  2. Scroll to SIP Port Settings.

  3. In the UDP System Port field, enter the port(s) on which the system listens for SIP over UDP messages from SIP clients. To specify multiple UDP ports, separate each port with a comma. The default value is “5060,5070,5075.”

  4. In the REGISTER restricted to port field, enter 0 to accept REGISTER on any configured SIP port. Or enter any UDP port number to restrict REGISTER requests to the specified port.

  5. In the UDP System Source Port field, enter a source port to use when sending SIP over UDP messages to the SIP Server. The system also listens for SIP messages on this port, as it does on the Client Listening Port(s).
  6. In the TCP System Port field, enter the port on which this device will listen for SIP over TCP connection requests. Enter any valid TCP port.
  7. In the TCP Connection Timeout (m) field, enter a length of time in minutes for this device to monitor all TCP connections. If there is no activity on a specific port for the specified amount of time, that connection is closed. The minimum value is 4 minutes.
  8. In the TLS System Port field, enter the port on which this device will listen for SIP over TLS connection requests. Enter any valid TCP port. The TLS port cannot be the same as the TCP port.

  9. Select a protocol from the TLS Protocol drop-down list:

    • TLSv1: Allows only TLS protocol version 1.0 (RFC 2246)

    • TLSv1.2: Allows only TLS protocol version 1.2 (RFC 5246)
    • TLSv1.3: Allows only TLS protocol version 1.3 (RFC 8446)
  10. In the Ciphers String field, enter a string to add or restrict the cipher suites offered by this device during a TLS handshake.

  11. For certificate mutual authentication, select LAN and WAN interface policies from the following drop-down lists:

    • Certificate—The X.509 certificate for the interface in PEM format. The certificates are loaded using the Security > Certificate Store page. Make sure that the common name (CN) in the certificate matches the domain name or IP of the interface.
      The certificate can be a user-configured certificate, a hardware platform unique certificate installed at manufacturing time, or a common certificate bundled in the VOS firmware.

      For the hardware platform unique certificate installed at manufacturing time, the common name is the LAN MAC of the system.

      If the user has explicitly configured a certificate, it is used first. If there is no user-configured certificate but the hardware system has a platform unique certificate, that certificate is used. If there is neither a user-configured certificate nor a platform unique certificate, the firmware common certificate is used.

    • Policy—Peer certificate verification policy:

      • No check—The peer certificate is not verified.

      • Verify if provided—Send a client certificate request to clients but continue handshake if the client does not return a certificate. Fail if certificate is returned and the verification fails.

      • Require and Verify—Send a client certificate request to clients and continue only if the client sends a certificate and the certificate verification succeeds.

      • Require and Verify Once—Same as “Require and Verify” except that client certificate requests are not sent during renegotiation.

  12. Enable the Exclude sips headers for TLS Transport option to use the 'sip' URI scheme in translated SIP messages. This option is available only for TLS transport.
  13. Click Submit. For more information on submitting your changes, refer to Submit Configuration Changes.
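
The constraints in steps 3 to 11 can be checked mechanically before a change is submitted. The following Python check is an added example, not part of the product or its documentation; the dictionary keys are hypothetical names for the fields above, and the TLS 1.0 warning reflects RFC 8996 rather than anything stated in this procedure.

```python
# Added example: keys in the settings dict are hypothetical names, not a device export format.
WEAK_POLICIES = {
    "No check": "peer certificate is not verified, so there is no mutual authentication",
    "Verify if provided": "clients that send no certificate still complete the handshake",
}

def parse_ports(value):
    """Parse a comma-separated port list such as "5060,5070,5075"."""
    ports = [int(p) for p in str(value).split(",") if p.strip()]
    if not ports or any(not 1 <= p <= 65535 for p in ports):
        raise ValueError(f"invalid port list: {value!r}")
    return ports

def audit(cfg):
    """Return (severity, message) findings for one SIP Port Settings snapshot."""
    findings = []
    listening = set(parse_ports(cfg["udp_system_ports"]))
    listening.add(int(cfg["udp_source_port"]))  # step 5: the system also listens here
    reg = int(cfg["register_port"])             # step 4: 0 means any configured port
    if reg != 0 and reg not in listening:
        # Assumption: a restricted REGISTER port should be one the system listens on.
        findings.append(("warn", f"REGISTER restricted to UDP {reg}, which is not a listening port"))
    if int(cfg["tcp_timeout_min"]) < 4:
        findings.append(("error", "TCP Connection Timeout is below the 4 minute minimum"))
    if int(cfg["tls_port"]) == int(cfg["tcp_port"]):
        findings.append(("error", "TLS System Port must differ from TCP System Port"))
    if cfg["tls_protocol"] == "TLSv1":
        # RFC 8996 deprecates TLS 1.0; this is outside knowledge, not from the procedure.
        findings.append(("warn", "TLS 1.0 only; RFC 8996 deprecates TLS 1.0"))
    for iface in ("lan", "wan"):
        policy = cfg[f"{iface}_policy"]
        if policy in WEAK_POLICIES:
            findings.append(("warn", f"{iface.upper()} policy {policy!r}: {WEAK_POLICIES[policy]}"))
    return findings

# Constructed sample snapshot (not taken from a real device).
SAMPLE = {
    "udp_system_ports": "5060,5070,5075", "register_port": 5080,
    "udp_source_port": 5060, "tcp_port": 5060, "tcp_timeout_min": 2,
    "tls_port": 5060, "tls_protocol": "TLSv1",
    "lan_policy": "Require and Verify", "wan_policy": "No check",
}

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:5} {message}")
```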