|Sonus Documentation Portal|
The SIP Security Profile feature defines the type and behavior of security mechanism to apply to the SBC acting as P-CSCF.
The Transparency Profile is the recommended method of configuring transparency on the SBC Core for new deployments as well as when applying additional transparency configurations to existing deployments. Do not use IP Signaling Profile flags in these scenarios because the flags will be retired in upcoming releases.
Refer to the SBC SIP Transparency Implementation Guide for additional information.
The CLI syntax to configure the SIP Security Profile is shown below:
Use this parameter to define the encryption preference for this SIP Security Profile.
Enable this flag to give precedence to the order of occurrence of "mechanism-name" value in the "Security-Client" header while selecting the Security Mechanism to apply.
Enable this flag to reject the incoming REGISTER when it does not contain "sec-agree" header value (in Require or Proxy-Require headers) or does not contain any supported mechanism-name (ipsec-3gpp) in "Security-Client" header.
Use this parameter to define the SBC security mode for this SIP Security Profile.
Identifies the list of security mechanisms supported by SBC and the corresponding precedence level for each security mechanism.
When SBC Security Mode (
sbxSecMode) is set to
sbc-only, configure a Transparency Profile for following headers in egress trunk group:
The following example configuration accomplishes the following:
forceClientSecurityPref" and "
rejectSecUnsupportedRequest" to "
enabled", and sets SIP security mechanism "
ipsec-3gpp" to precedence of "1".
S-PROFILE1to SIP trunk group "