Advanced SIP Settings

NB! Changing these settings requires in depth knowledge!

Get default values - Restore all settings to default (as when new from package).

NOTE! Press "Save" after your settings!


Authorized Users

Define rules for limiting what SIP users are allowed to do. When a SIP message is received, this table is scanned top to bottom and the first row defining a rule that matches the method, URI and direction of the SIP message is used.

Method - SIP method (e.g. REGISTER,INVITE,BYE) that this rule should apply to.

URI - URI, destination SIP address, that this rule should apply to (wildcard '*' may be used).

Direction - Classification of SIP message by direction that this rule should apply to.
outbound - SIP messages addressed to other SIP servers.
inbound - SIP messages addressed to this SIP server.
both - All SIP messages.

Authentication User IDs - Define the users that are authorized by this rule. Specify the authentication user IDs separated with comma or space (wildcard '*' means all user IDs).


NOTE! Press "Save" after your settings!


SIP proxy

On this page there are more advanced settings for how the SIP server will forward SIP messages.

Maximum number of registrations per user - Max number of registrations (number of simultaneous different locations) for a user.
Timeout before registration expires - The registration must be refreshed within the stated time period, or it is removed. (SIP-clients manage re-registering automatically)
Call time out - A SIP session must be refreshed within the stated time period, or it is closed. Used to finish SIP-sessions there both parts have crasched. (SIP-clients can manage refreshing automatically)
Enable SIP session timer - Negotiate a SIP session timer value. The value used in the negotiation is the "Call time out"
Default request timeout - Used if the SIP INVITE message has not specified any expire timeout.

Maximum request timeout - The maximum allowed request timeout value.

SIP Server port - The listening port for the SIP server (Recommended value: 5060)

Requests for a foreign domain - How the SIP server should handle SIP messages addressed to other domains:
unlimited - Forward to the other domain (Recommended).
deny - The SIP request will be rejected.

NOTE! Press "Save" after your settings!


Static domain forwarding - Domains which should override (bypass) DNS-lookups. Use 127.0.0.1 as IP address to specify that this unit should be used as SIP server for the given domain. If a domain in DNS points at this unit's IP address, but you want to use another SIP server you can enter it's IP address here.
Domain - Name of the domain in a SIP request.
Forward to (IP) - The IP address that SIP messages matching the domain shall be forwarded to, or 127.0.0.1 to specify a domain to host.

NOTE! Press "Save" after your settings!


Proxy rules

Rules that limit access to the SIP server by matching the source IP address of the SIP message. With these rules you can black list users (or white list) based on source IP address. The list is scanned from top to bottom and the first match found is selected.

Proxy default access limit - Access limit for SIP messages that do not match a specific rule:
unlimited - Accept all SIP requests.
limited - Accept only SIP requests addressed to this unit (unit not usable as outbound proxy).
no access - The SIP request will be rejected.

IP Address - The IP address that is used together with the subnet mask to match the source IP address of a SIP message.

Subnet Mask - The subnet mask that is used together with the IP address to match the source IP address of a SIP message.

Access limit - Access limit of a SIP message matching the rule:
unlimited - Accept all SIP requests.
limited - Accept only SIP requests addressed to this unit (unit not usable as outbound proxy).
no access - The SIP request will be rejected.

NOTE! Press "Save" after your settings!


Advanced

Forwarding of class 1 responses - How to forward SIP messages with in progress information.
All - Accept all SIP requests.
If higher status code - Forward only if the SIP message have higher status code.
none - The SIP request will be rejected.

Handling of class 3 responses - How to handle SIP responses redirecting to a new SIP address.
Forward - Accept all SIP requests.
Retry - Try to contact the user at the new address (recursion).

TCP connection timeout - TCP connections to the SIP server not transmitting valid SIP messages are closed after the timeout. A value of 0 disables the SIP TCP server.

Max number of media streams per SIP request - Max number of data streams allowed to be set up between two users with a single SIP request.

Accept - MIME-types in SIP messages allowed to pass without restrictions. Multiple types can be entered, separated by comma. Wildcards are allowed.

Log settings (SIP) - Select the extent of SIP information in the system log:
"notice" - normal setting
"info" - more details
"debug" - most detailed, mainly for support matters.

Log SIP header fields (e.g. From, To) - Enter the name of the SIP header fields you want to display in the System Log (Log Settings should be "info" or "debug" to use this feature).

Log only communication with IP addresses: - Filter the logging of SIP messages. Only SIP messages sent or received to the given IP addresses are shown in the System Log.

Spoof protection - Spoofing is when an intruder pretends to have a false IP address.

Allow multiple RTP media senders - When the firewall is opened to let the media streams of the session pass through the IP adress from which the media is sent is not allowed to change unless this setting is enabled.

Allow RTP in reverse direction - Allow RTP sent in reverse direction to pass firewall. Use this setting if you use equipment that always sends RTP symmetrically, regardless of what is stated in the SDP (Session Description Protocol).
Disable URI encryption - This unit encrypts information in the URI:s sent to outside world to not reveal information about the network topology inside the firewall. There is a side effect in that some SIP devices don't cope with the URI:s getting bigger due to the encryption. If you think you have this problem and you don't mind revealing IP addresses behind the firewall you can disable the behaviour with this setting.
RFC 3261 Loose routing - Some SIP units does not accept URI parameters without values. The loose routing parameter, "lr", is such a parameter and this unit therefore uses "lr=true" by default for loose routing. With this setting you can enforce strict RFC 3261 behaviour (using ";lr").
Disable username encoding (registrations) - To be able to differentiate between two users with same username, for example bob@foo.com and bob@bar.com, this unit encodes the registration information (Contact header field) to make the registration unique (e.g. sip:zXc2Vbfdf@1.2.3.4). However, some SIP servers seem to implement the SIP standard poorly in that they don't copy the exact information from the Contact URI of the REGISTER to the request-URI of the incoming INVITE message. Try this setting if you have trouble with incoming calls.
Disable change to TCP (large messages) - According to the SIP standard, a proxy should change protocol from UDP to TCP if message size is greater than 1300 bytes. With this setting you can disable this behaviour if you have SIP devices only supporting UDP.
Try make UDP messages smaller when exceeding - To avoid IP fragmentation this unit can try to reduce SIP message sizes. If the received message size is greater that what this setting specifies, this unit will remove certain less important pieces of information in the SIP message to reduce message size. The default value of 65535 disables the function.
Hide Via headers on requests to IP addresses: - Some SIP units may not work when more than one Via header is present. With this setting you can remove all Via header fields but one (the units own) when sending a request to an IP address entered here. The Via header fields are restored when the response is sent downstream. Alternatively, this setting can be used to make messages smaller.
Monitor servers for failures - This unit can be used to monitor SIP servers for failures by sending OPTIONS requests periodically. This makes call failures resulting from network problems to be detected much faster for calls to the monitored servers. Enter the hostnames or IP addresses of the servers you want to monitor.
Time to cache server failures - Time to remember a certain (possibly monitored) SIP server is unreachable. E.g. if no response is received from a SIP server, this unit does not send new requests to the same SIP server until the time specified has elapsed. Instead the call is denied immediately.
Client registration interval - How often SIP clients on this unit should send REGISTER requests to the SIP server responsible for the SIP address of the client. SIP clients on this unit are the telephony ports and/or any SIP accounts of type "Reg".

NOTE! Press "Save" after your settings!


Handling of Call Transfer
Using the SIP protocol, call transfers between SIP phones is a function that should be handled by the SIP endpoints. However, many SIP endpoints do not support this. For example, an incoming call via a PSTN gateway cannot be transferred to another SIP phone, because gateways typically do not support the REFER method.

This product has the capability to act as a SIP Back To Back User Agent (B2BUA), to break in and handle call transfers between SIP Clients. However, using the B2BUA instead of the normal Proxy behavior, may have some drawbacks in advanced signaling scenarios, so below are provided various settings to control when the B2BUA is being used for incoming calls.

Always - The B2BUA is used for all incoming calls. Use with care if advanced call scenarios are used.
For clients not supporting "REFER"
For clients not supporting "replaces"
For clients with FROM-URI: - You can specify SIP addresses of callers (separated by space or comma) for which this product should handle the call transfers. The SIP addresses may include wildcards. ? represents any single character while, * represents a string of characters of any length. * is only allowed first, last and just before or after @ (e.g. *@supercall.com).
For clients with User-Agent field: - The content of User-Agents fields may include brands or versions that are known not to support call transfers. Several such ids may be entered (separated by space or comma) to instruct the B2BUA to handle the call transfers for such SIP clients. The ids may include wildcards as above.

The B2BUA can also handle outgoing calls through the Dial Plan, by adding the ";b2bua" parameter after the gateway address, e.g. pstn.gw.com;b2bua in the "Forward to" field. (Forwarding to a SIP account in the Dial Plan will always use the B2BUA.)

NOTE! Press "Save" after your settings!


Quality of Service
Two methods are provided. The first controls the "DiffServ" bits in the IP packet and gives priority to SIP traffic that needs to go fast (RFC 2474). To be effective, the network of the Service Provider must support DiffServ. The second method requires no special support from the network It prioritizes voice traffic internally and also controls external data streams to allow voice packages to coexist on a limited outside bandwidth.

Set DiffServ bits in all SIP media streams - If checked, the SIP traffic will get the DiffServ values as entered. Check with your Service Provider for suitable values or use the default for audio, video and data. The values are six binary digits (e.g. 101110).

Strip DiffServ bits from other applications - Check this to lower priority for non-SIP traffic, thus enabling SIP to go faster.

Prioritize SIP media streams - Packets belonging to SIP initiated media streams (and those matching the DiffServ audio setting above) are prioritised over other traffic. NB! Enabling this feature can affect performance, e.g. throughput.

Link capacity (Upstream) - Limit the upstream sending rate to your subscribed rate to avoid building up queues in upstream equipment, which can happen if the physical link capacity is higher than the subscribed rate.

Link capacity (Downstream) - The maximum available downstream receiving rate is used to "regulate" downstream TCP traffic to back off in favour for high priority traffic (voice).


NOTE! Press "Save" after your settings!


Call Admission Control
Allows you to deny SIP calls if there is already too heavy load on the unit. Prevents unit from being overloaded.

Deny calls if any of the following is exceeded - Deny further SIP connections if ANY of the following criterias are met. Fill in the fields you whish to supervise, leave the others blank.
Upstream traffic - Total amount of traffic towards the Internet. If current traffic uses more bandwidth further SIP calls will be denied. Leave blank to ignore.
NOTE! Prioritize SIP media streams, Upstream must be enabled for this function to work!
Downstream traffic - Total amount of traffic from the Internet. If current traffic uses more bandwidth further SIP calls will be denied. Leave blank to ignore.
NOTE! Prioritize SIP media streams, Downstream must be enabled for this function to work!
CPU load - Workload on unit's processor. Leave blank to ignore.
Audio calls - Number of audio calls in progress. If this amount of audio calls are already in progress through the unit, further SIP calls will be denied. Leave blank to ignore.
Video calls - Number of video calls in progress. If this amount of video calls are already in progress through the unit, further SIP calls will be denied. Leave blank to ignore.

NOTE! Press "Save" after your settings!


Read more online:
Advanced SIP Settings