Installation guide
Additional Security Considerations & QoS
Acano solution: Single combined Acano server Deployment Guide R1.6 76-1054-01-H
10.4 TLS Certificate Verification
You can enable Mutual Authentication for SIP and LDAP in order to validate that the remote
certificate is trusted. When enabled, the Call Bridge always asks for the remote certificate
(irrespective of which side initiated the connection) and compares the presented certificate to a
trust store that has been uploaded and defined on the Acano server.
The MMP commands available are (also see the MMP Command Reference):
- tls <sip|ldap> trust <crt bundle>: defines the Certificate Authorities to be trusted
- tls <sip|ldap> verify enable|disable|ocsp: enables or disables certificate verification, or sets OCSP to be used for verification
- tls <sip|ldap>: displays the current configuration
10.5 User Controls
MMP admin users can:
- Reset another admin user's password
- Set the maximum number of characters that can be repeated in a user's password (a number of other user password rules have also been added)
- Limit MMP access by IP address
- Disable MMP accounts after a configurable idle period
10.6 Firewall Rules
In release 1.6 the MMP supports the creation of simple firewall rules for both the media and
admin interfaces. Note that this is not intended to be a substitute for a full standalone firewall
solution and therefore is not detailed here. Firewall rules must be specified separately for each
interface. See the MMP Command Reference for full details and examples.
CAUTION: We recommend using the serial Console port to configure the firewall, because
using SSH means that an error in the rules would make the SSH port inaccessible. If you must
use SSH, then ensure that an allow ssh rule is created for the ADMIN interface before
enabling the firewall.
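The ordering in the caution above can be checked before a rule set is typed into an SSH session. The following Python check is an added example, not part of the Acano guide; the `firewall <iface> allow <port> [from <host>]` and `firewall <iface> enable` command shapes, the media interface name `a` and the sample plans are assumptions to confirm against the MMP Command Reference.

```python
# Added example: lint a planned list of MMP firewall commands before use.
# Assumed command shapes (confirm in the MMP Command Reference):
#   firewall <iface> allow <port> [from <host>]
#   firewall <iface> enable
SSH_PORTS = {"ssh", "22"}  # assumption: the port may be given by name or number


def lint_firewall_plan(commands, mgmt_iface="admin"):
    """Return (line_no, message) findings for enables that would cut off SSH."""
    ssh_allowed = False
    findings = []
    for line_no, raw in enumerate(commands, start=1):
        tokens = raw.split("#", 1)[0].lower().split()
        if len(tokens) < 3 or tokens[0] != "firewall":
            continue  # not a firewall command
        iface, action = tokens[1], tokens[2]
        if iface != mgmt_iface:
            continue  # rules are per interface; other interfaces do not count
        if action == "allow" and len(tokens) > 3:
            port = tokens[3].split("/", 1)[0]  # tolerate a "/tcp" style suffix
            if port in SSH_PORTS:
                ssh_allowed = True
        elif action == "enable" and not ssh_allowed:
            findings.append(
                (line_no, f"firewall enabled on {mgmt_iface} before an allow ssh rule")
            )
    return findings


# Constructed sample plans (addresses are documentation ranges).
SAFE_PLAN = [
    "firewall admin allow ssh from 192.0.2.0/24",
    "firewall admin allow https",
    "firewall admin enable",
]
RISKY_PLAN = [
    "firewall a allow ssh",       # media interface: does not protect admin
    "firewall ADMIN enable",      # flagged: no allow ssh on admin yet
    "firewall admin allow ssh",   # too late if the session is already cut off
]

if __name__ == "__main__":
    for name, plan in (("safe", SAFE_PLAN), ("risky", RISKY_PLAN)):
        for line_no, msg in lint_firewall_plan(plan):
            print(f"{name} plan, line {line_no}: {msg}")
```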
10.7 DSCP
You can enable DSCP tagging for the traffic types on the Acano server (see the MMP Command
Reference).
1. Sign in to the MMP and set the DSCP values as required.
2. Go to Configuration > Call Settings and set the DSCP Mode as follows:
   - In a non-AS SIP environment, select Use Normal Values
   - In an AS SIP environment, select Use Assured Values