
2018-05-11

All Mediatrix Units

v. 42.1.857


1 Management Interfaces


1.1 Associating the Network Interface to the System Management Services

Steps

  1. Go to Management/Misc.
  2. From the Network Interface selection list, select the Network Interface you wish to bind the system management services to.
  3. Click Apply.

Result

The user will access the System Management through the selected Network Interface.

1.2 Stopping Services - Web Interface

Context

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to System/Services.
  2. In the User Service table, click next to the service you want to disable.
  3. Click Apply.

1.3 Securing SNMP Interface

Context

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to Management/SNMP.
  2. In the SNMP Configuration table, set the following parameters:
    1. Set Enable SNMP V1 to Disable.
    2. Set Enable SNMP V2 to Disable.
    3. Set Privacy Protocol.
    4. In the Privacy Password field, enter a password of your choosing.
  3. Click Apply.

1.4 Forcing the Use of HTTPS

Steps

  1. Open CLI (Command Line Interface).
  2. Set Web.HttpMode to Secure.

Result

The unit will now be forced to use HTTPS.

2 SIP


2.1 Configuring the Local Firewall

Before You Start

You must have a Network Interface created.

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to Network/Local Firewall.
  2. In the Local Firewall Rules table, complete the fields as required.
  3. In the Local Firewall Configuration table, from the Default Policy selection list, select Drop.

    Important

    Before setting the Default Policy to Drop, i.e. to apply the local firewall rules and to drop any incoming call that does not match a rule, review your rules to make sure that at least one rule accepts incoming packets for management, otherwise the communication with the Mediatrix Sentinel will be lost.

    Note

    For example, if the Web interface is used for management (HTTP port 80) via the unit's LAN interface (default IP address = 192.168.0.10), then the following rule could be added: Activation=Enable / Destination Address=192.168.0.10 / Destination port=80 / Protocol=TCP / Action=Accept

    Note

    For blacklisting to be used, at least one firewall rule must have the Black listing enable box checked.

    Note

    Before setting the Default Policy to Drop, review your rules to make sure that at least one rule accepts incoming packets, otherwise the communication with the Mediatrix Sentinel will be lost.

  4. Click Save.

    Caution

    Take the time to carefully review your rules before continuing to the next step.

  5. Click Save and Apply to apply all changes to the configuration.
  6. Click restart required services, located at the top of the page.

Result

The Local Firewall will drop packets without any notification message.

If a rule with the Black listing enable box checked matches a packet and no Rate Limit Value was set, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration of the Blacklist Timeout.

If a rule with the Black listing enable box checked matches a packet and the Rate Limit Value has been reached, then the source address of the packet will be black listed and all packets coming from this address will be blocked for the duration set for the Blacklist Rate Limit Timeout.
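
Added example (not part of the Mediatrix documentation): a pre-flight check for the lockout risk described in step 3, modelling the Local Firewall Rules fields in Python. It assumes rules are evaluated in table order with the first match winning, that an empty address or port means "any", and that HTTPS management uses port 443; none of these are stated on this page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    """One row of the Local Firewall Rules table (field names from the page)."""
    activation: str    # "Enable" or anything else (treated as inactive)
    dest_address: str  # IP or CIDR; "" = any (assumption)
    dest_port: str     # "80" or "5060-5061"; "" = any (assumption)
    protocol: str      # "TCP", "UDP" or "All" (assumption)
    action: str        # "Accept"; any other value is treated as blocking

def _port_in(spec, port):
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def matches(rule, addr, port, proto):
    if rule.activation != "Enable":
        return False
    if rule.protocol.upper() not in ("ALL", proto.upper()):
        return False
    if rule.dest_port and not _port_in(rule.dest_port, port):
        return False
    if rule.dest_address:
        return ip_address(addr) in ip_network(rule.dest_address, strict=False)
    return True

def verdict(rules, default_policy, addr, port, proto):
    # Assumption: rules are evaluated in table order and the first match wins.
    for rule in rules:
        if matches(rule, addr, port, proto):
            return rule.action
    return default_policy

def lockout_risks(rules, default_policy, mgmt_flows):
    """Return the management flows that would NOT be accepted."""
    return [f for f in mgmt_flows if verdict(rules, default_policy, *f) != "Accept"]

# Constructed sample: the page's example rule, checked against HTTP and
# HTTPS management on the default LAN address (port 443 is an assumption).
PAGE_RULE = Rule("Enable", "192.168.0.10", "80", "TCP", "Accept")
MGMT_FLOWS = [("192.168.0.10", 80, "TCP"), ("192.168.0.10", 443, "TCP")]

if __name__ == "__main__":
    for flow in lockout_risks([PAGE_RULE], "Drop", MGMT_FLOWS):
        print("would be dropped, add an Accept rule first:", flow)
```

With the page's example rule alone, HTTPS management on port 443 is reported as dropped, which matters if Web.HttpMode has been set to Secure as in section 1.4.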

2.2 Enabling TLS Transport

Before You Start

A TLS certificate must be installed on the Mediatrix unit.

Context

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to SIP/Transport.
  2. In the Protocol Configuration table, set TLS to Enable.

    Important

    The Mediatrix unit does not support a mix of both TLS and non-TLS links. Once TLS is enabled, it is enabled for all configured gateways.

  3. Click Apply.

2.3 Setting the RTP Mode - Secure

Context

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to Media/Security.
  2. From the Select Endpoint drop-down menu, select the endpoint you want to configure.
  3. Under the RTP section, set Mode to Secure.
  4. Set the other parameters based on your desired configuration.
  5. Click Apply.

3 Configuration Files


3.1 Disabling DHCP Server Download

Context

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to Management/Configuration Scripts.
  2. In the Automatic Script Execution table, set Allow DHCP to Trigger Scripts Execution to Disable.
  3. Click Apply.

Result

This ensures that no one can send a new configuration file to the unit if the DHCP server is compromised.

3.2 Configuring a Privacy Key

Context

If you are not familiar with the meaning of the fields and buttons, click Show Help, located at the upper right corner of the Web page. When activated, the fields and buttons that offer online help will change to green and if you hover over them, the description will be displayed.

Steps

  1. Go to Management/Configuration Scripts.
  2. In the Execute Scripts table, set a privacy key of your choosing in the Privacy Key field.

Result

The unit will only accept scripts that have been encrypted with this privacy key. The privacy key also ensures that the files are encrypted when using an unsecured transfer mode (HTTP, TFTP, FTP).

4 Disabling Partial Reset - ResetButtonManagement

Steps

  1. Open CLI (Command Line Interface).
  2. Set ResetButtonManagement to DisablePartialReset.

Result

The Mediatrix unit will no longer perform a partial reset.

5 Requirements

CLI

Make sure Telnet access is disabled. Check the Cli.EnableTelnet variable to verify whether Telnet connections are allowed. Telnet access is disabled by default.

Additional considerations

  • In the initial configuration of the unit, review the users and change their passwords and access rights according to your security policy.
  • On FXS devices, the Vocal Unit Information allows a caller on an FXS port to dial codes to get information on the unit, such as the IP addresses and the MAC address. It is recommended to turn this feature off to prevent attackers from gaining information on the Mediatrix unit setup.

6 Copyright Notice

Copyright © 2018 Media5 Corporation.

This document contains information that is proprietary to Media5 Corporation.

Media5 Corporation reserves all rights to this document as well as to the Intellectual Property of the document and the technology and know-how that it includes and represents.

This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever, without written prior approval by Media5 Corporation.

Media5 Corporation reserves the right to revise this publication and make changes at any time and without the obligation to notify any person and/or entity of such revisions and/or changes.