User`s manual
SIP User's Manual 12. Security
Version 5.0 297 December 2006
¾ To configure RADIUS support on the gateway using the ini file:
Add the following parameters to the ini file. For information on modifying the ini file,
refer to Section 6.2 on page 209.
• EnableRADIUS = 1
• WebRADIUSLogin = 1
• RADIUSAuthServerIP = IP address of RADIUS server
• RADIUSAuthPort = port number of RADIUS server, usually 1812
• SharedSecret = your shared secret'
• HTTPSOnly = 1
• BehaviorUponRadiusTimeout = 1
• RadiusLocalCacheMode = 1
• RadiusLocalCacheTimeout = 300
• RadiusVSAVendorID = your vendor’s ID
• RadiusVSAAccessAttribute = code that indicates the access level attribute
• DefaultAccessLevel = default access level (0 to 200)
12.5 Internal Firewall
The MediaPack accommodates an internal access list facility, allowing the security
administrator to define network traffic filtering rules. The access list provides the following
features:
Block traffic from known malicious sources
Only allow traffic from known friendly sources, and block all others
Mix allowed and blocked network sources
Limit traffic to a predefined rate (blocking the excess)
Limit traffic to specific protocols, and specific port ranges on the device
The access list consists of a table with up to 50 ordered lines. For each packet received on
the network interface, the table is scanned from the top until a matching rule is found (or
the table end is reached). This rule can either block the packet or allow it; however it is
important to note that subsequent rules aren’t scanned. If the table end is reached without
a match, the packet is accepted.
Each rule is composed of the following fields (described in Table 5-49 on page 172):
IP address (or DNS name) of source network
IP network mask
Destination UDP/TCP ports (on this device)
Protocol type
Maximum packet size, byte rate per second, and allowed data burst
Action upon match (allow or block)