<!DOCTYPE html
SYSTEM "about:legacy-compat">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta charset="UTF-8"><meta name="copyright" content="(C) Copyright 2023"><meta name="DC.rights.owner" content="(C) Copyright 2023"><meta name="DC.type" content="topic"><meta name="prodname" content="All Mediatrix Units"><meta name="version" content="DGW 49.12.28842941"><meta name="platform" content="All"><meta name="DC.date.modified" content="2023-0308-2809"><meta name="DC.date.issued" content="2023-0308-2809"><meta name="DC.date.available" content="2023-0308-2809"><meta name="ChapterNumbering" content="no"><meta name="DC.format" content="HTML5"><meta name="DC.identifier" content="topic_title_Management_Interfaces_d1e15"><link href="https://fonts.googleapis.com/css?family=Open+Sans" rel="stylesheet"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/45482024/commonltr.css"><link rel="stylesheet" type="text/css" href="https://documentation.media5corp.com/download/attachments/45482024/custom.css"><title>Securing a Mediatrix Unit</title></head><body class="nobody"><header role="banner"><div class="topicmeta title">Securing a Mediatrix Unit</div><div class="topicmeta date">2023-0308-28<09</div><div class="topicmeta product">All Mediatrix Units</div><div class="topicmeta version">DGW 49.12.2884<2941</div><div class="topicmeta pdf"><a href="https://documentation.media5corp.com/download/attachments/45482024/Securing%20a%20Mediatrix%20Unit.pdf" rel="nofollow">Download PDF Document</a></div><hr><span style="float: inline-end;"></span></header><nav role="toc"><ul><li><a href="#topic_title_Management_Interfaces_d1e15">Management Interfaces</a><ul><li><a href="#task_dvf_js1_dq">Associating the Network Interface to the System Management Services</a></li><li><a href="#task_d4h_rnh_ts">Stopping Services - Web Interface</a></li><li><a href="#task_i1q_2pm_ts">Securing SNMP Interface</a></li><li><a href="#task_csg_ncn_ts">Forcing the Use of HTTPS</a></li></ul></li><li><a href="#topic_title_SIP_d1e20">SIP</a><ul><li><a href="#task_wm3_fp3_dq">Configuring the Local Firewall</a></li><li><a href="#task_cjm_53n_ts">Enabling TLS Transport for SIP</a></li><li><a href="#task_tqz_gct_ls">Enabling Secure Media (SRTP) on All Endpoints</a></li><li><a href="#unique_1275578771812448111">Enabling Secure Media (SRTP) on a Specific Endpoint</a></li></ul></li><li><a href="#topic_title_Configuration_Files_d1e25">Configuration Files</a><ul><li><a href="#task_i15_nwm_ts">Disabling DHCP Server Download</a></li><li><a href="#task_atj_cfn_ts">Configuring a Privacy Key</a></li></ul></li><li><a href="#task_ytj_mlh_ts">Disabling Partial Reset - ResetButtonManagement</a></li><li><a href="#reference_qxj_1hh_ts">Requirements</a></li><li><a href="#reference_j4g_nbv_gfb">Online Help</a></li><li><a href="#concept_v4k_q3h_1r">DGW Documentation</a></li><li><a href="#concept_fqm_rv4_k4">Copyright Notice</a></li></ul></nav><main role="main"><article role="article" aria-labelledby="ariaid-title1"><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="nested0" aria-labelledby="ariaid-title1" id="topic_title_Management_Interfaces_d1e15">
<h1 class="title topictitle1" id="ariaid-title1">Management Interfaces</h1>
<article class="topic task nested1" aria-labelledby="ariaid-title2" id="task_dvf_js1_dq">
<h2 class="title topictitle2" id="ariaid-title2">Associating the Network Interface to the System Management Services</h2>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">Management</span>/<span class="keyword wintitle">Misc</span>.</span>
</li><li class="li step">
<span class="ph cmd">From the <span class="keyword wintitle">Network Interface</span> selection
list, select the Network Interface you wish to bound to the system management
services.</span>
</li><li class="li step">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>. </span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The user will access the System Management through the selected Network
Interface.</section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_d4h_rnh_ts">Stopping Services - Web Interface</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title3" id="task_d4h_rnh_ts">
<h2 class="title topictitle2" id="ariaid-title3">Stopping Services - Web Interface</h2>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">System</span>/<span class="keyword wintitle">Services</span>.</span>
</li><li class="li step">
<span class="ph cmd">In the <span class="keyword wintitle">User Service</span>
table, click <img class="image" id="task_d4h_rnh_ts__image_yw5_f4h_ts" src="https://documentation.media5corp.com/download/attachments/45482024/StopService.jpg" width="16"> next to the service you want to disable.</span>
</li><li class="li step">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_i1q_2pm_ts">Securing SNMP Interface</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title4" id="task_i1q_2pm_ts">
<h2 class="title topictitle2" id="ariaid-title4">Securing SNMP Interface</h2>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">Management</span>/<span class="keyword wintitle">SNMP</span>.</span>
</li><li class="li step">
<span class="ph cmd">In the <span class="keyword wintitle">SNMP Configuration</span> table, set
the following parameters:</span>
<ol type="a" class="ol substeps" id="task_i1q_2pm_ts__substeps_mgy_g5m_ts">
<li class="li substep">
<span class="ph cmd">Set <span class="keyword wintitle">Enable SNMP V1</span> to
<span class="keyword wintitle">Disable</span>.</span>
</li>
<li class="li substep">
<span class="ph cmd">Set <span class="keyword wintitle">Enable SNMP V2</span> to
<span class="keyword wintitle">Disable</span>.</span>
</li>
<li class="li substep">
<span class="ph cmd">Set the <span class="keyword wintitle">Privacy Protocol</span>.
</span>
</li>
<li class="li substep">
<span class="ph cmd">In the <span class="keyword wintitle">Privacy Password</span>
field, enter a password of your choosing.</span>
</li>
</ol>
</li><li class="li step">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
<br><img class="image" id="task_i1q_2pm_ts__image_pld_z5m_ts" src="https://documentation.media5corp.com/download/attachments/45482024/SNMPConfiguration_Disable.png" width="800"><br>
</section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_csg_ncn_ts">Forcing the Use of HTTPS</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title5" id="task_csg_ncn_ts">
<h2 class="title topictitle2" id="ariaid-title5">Forcing the Use of HTTPS</h2>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Open CLI (Command Line Interface).</span>
</li><li class="li step">
<span class="ph cmd">Set <span class="keyword parmname">Web.HttpMode</span> to <span class="keyword parmname">Secure</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The unit will now be forced to use HTTPS.</section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_wm3_fp3_dq">Configuring the Local Firewall</a></li></ul></div></nav></article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic nested0 nobody" aria-labelledby="ariaid-title6" id="topic_title_SIP_d1e20">
<h1 class="title topictitle1" id="ariaid-title6">SIP</h1>
<article class="topic task nested1" aria-labelledby="ariaid-title7" id="task_wm3_fp3_dq">
<h2 class="title topictitle2" id="ariaid-title7">Configuring the Local Firewall</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>You must have a Network Interface created.
</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Network</span>/<span class="keyword wintitle">Local Firewall</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Rules</span> table,
complete the fields as required.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Local Firewall Configuration</span>
table, from the <span class="keyword wintitle">Default Policy</span> selection
list, select <span class="keyword wintitle">Drop</span>.</span>
<div class="itemgroup info">
<div class="note important note_important"><span class="note__title">IMPORTANT:</span> Before setting the <span class="keyword wintitle">Default Policy</span> to
<span class="keyword wintitle">Drop</span>, i.e. to
apply the local firewall rules and to drop any incoming call that does not
match a rule, review your rules to make sure that at least one rule accepts
incoming packets for management, otherwise the communication with the
Mediatrix Sentinel will be lost.</div>
</div>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For example, if the Web interface is used for management (HTTP port 80)
via the unit's LAN interface (default IP address = 192.168.0.10), then the
following rule could be added:<span class="keyword parmname">Activation=Enable / Destination
Address=192.168.0.10 / Destination port=80 / Protocol=TCP /
Action=Accept</span>
</div>
</div>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For blacklisting to be used, at least one firewall rule must have the
<span class="keyword wintitle">Black listing enable</span> box checked. </div>
<div class="note note note_note"><span class="note__title">Note:</span> Before setting the <span class="keyword wintitle">Default Policy</span> to
<span class="keyword wintitle">Drop</span>, review
your rules to make sure that at least one rule accepts incoming packets,
otherwise the communication with the Mediatrix Sentinel will be lost.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save</span>.</span>
<div class="itemgroup info">
<div class="note caution note_caution"><span class="note__title">Caution:</span> Take the time to carefully review your rules before
continuing to the next step.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Save & Apply</span> to
apply all changes to the configuration.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="ph uicontrol">restart required services</span>,
located at the top of the page.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The Local Firewall will drop packets without any notification message. <p class="p">If a rule
with the <span class="keyword wintitle">Black listing enable</span> box checked matches a packet and no <span class="keyword wintitle">Rate Limit Value</span> was set, then the
source address of the packet will be black listed and all packets coming from this
address will be blocked for the duration of the <span class="keyword wintitle">Blacklist Timeout</span>.</p><p class="p">If a
rule with the <span class="keyword wintitle">Black listing enable</span> box checked
matches a packet and the <span class="keyword wintitle">Rate Limit Value</span> has been reached,
then the source address of the packet will be black listed and all packets coming
from this address will be blocked for the duration set for the <span class="keyword wintitle">Blacklist Rate Limit
Timeout</span>.</p></section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_cjm_53n_ts">Enabling TLS Transport for SIP</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title8" id="task_cjm_53n_ts">
<h2 class="title topictitle2" id="ariaid-title8">Enabling TLS Transport for SIP</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>A TLS certificate must be installed on the Mediatrix unit.</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">SIP</span>/<span class="keyword wintitle">Transport</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Protocol Configuration</span> table,
set <span class="keyword wintitle">TLS</span> to <span class="keyword wintitle">Enable</span>.</span>
<div class="itemgroup info">
<div class="note important note_important"><span class="note__title">IMPORTANT:</span> The Mediatrix unit does not support a mix of both TLS and
non-TLS links. Once TLS is <strong class="ph b">enabled</strong>, all configured gateways will use
TLS, and all other protocols will be disabled.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_tqz_gct_ls">Enabling Secure Media (SRTP) on All Endpoints</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title9" id="task_tqz_gct_ls">
<h2 class="title topictitle2" id="ariaid-title9">Enabling Secure Media (SRTP) on All Endpoints</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>Encrypted/secure signaling must be configured.</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Security</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Select Endpoint</span> selection list, choose <span class="keyword wintitle">Default</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Security</span> table,</span>
<ol type="a" class="ol substeps" id="task_tqz_gct_ls__substeps_ct1_kpj_lpb">
<li class="li substep substepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Mode</span> drop box, select <span class="keyword wintitle">Secure</span> or <span class="keyword wintitle">Secure with fallback</span>.</span>
</li>
<li class="li substep substepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Key Management Protocol</span> drop box, select the protocol.</span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> Enabling <span class="keyword wintitle">SDES</span> instead of
<span class="keyword wintitle">MIKEY</span>
will make the SIP INVITEs slightly different. Choosing the <span class="keyword wintitle">SDES</span> protocol
will add the <samp class="ph msgph">a=crypto</samp> line within the SDP Media
Attributes while choosing the <span class="keyword wintitle">MIKEY</span> protocol
will add the <samp class="ph msgph">a=key-mgmt:mikey</samp> line within the SDP
Session Attributes.</div>
</div>
</li>
<li class="li substep substepexpand">
<span class="ph cmd">From the drop box,
select the <var class="keyword varname">AES_CM_128</var> encryption algorithm.</span>
</li>
<li class="li substep substepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> selection, choose if unsecure <span class="ph uicontrol">T.38</span> is allowed with
RTP.</span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> <span class="ph uicontrol">T.38</span>
packets will never be encrypted. The setting <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> will make possible to use <span class="ph uicontrol">T.38</span>, otherwise
it will be rejected. If not using <span class="ph uicontrol">T.38</span> for faxing,
to avoid an impact on the number of simultaneous calls a Mediatrix
unit can handle in SRTP, set the <span class="keyword wintitle">Allow Unsecure T.38 with Secure RTP</span> parameter to <span class="keyword wintitle">No</span> and refer to
the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Standard+Fax+Configuration" target="_blank">Standard Fax Configuration</a>
document to disable <span class="ph uicontrol">T.38</span> Fax
Transmission.</div>
</div>
</li>
</ol>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">SRTP Preferences</span> table,</span>
<ol type="a" class="ol substeps" id="task_tqz_gct_ls__substeps_sg1_1qj_lpb">
<li class="li substep"><span class="ph cmd">From the <span class="keyword wintitle">Crypto Mode When Sending Offer</span> drop
box, select the preferred mode.</span></li>
<li class="li substep"><span class="ph cmd">From the <span class="keyword wintitle">Crypto Mode When Sending Answer</span>
drop box, select the preferred mode.</span></li>
<li class="li substep"><span class="ph cmd">From the <span class="keyword wintitle">Crypto Context Behavior</span> drop
box, select the preferred behavior.</span></li>
</ol>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For more information about the recommended <span class="keyword wintitle">SRTP Preferences</span>, please refer
to <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Setting+the+Security+Parameters+of+the+RTP+Stream#reference_fmk_ynh_npb" target="_blank">Recommended SRTP Preferences for a Typical VoIP Network</a> section of the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/Setting+the+Security+Parameters+of+the+RTP+Stream" target="_blank">Setting the Security Parameters of the RTP Stream</a> document.</div>
</div>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> For troubleshooting the SRTP interoperability, please refer to the <a class="xref" href="https://documentation.media5corp.com/display/DGWLATEST/SRTP+Troubleshooting" target="_blank">SRTP Troubleshooting</a> document.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
<p class="p">All new SIP exchanges will contain RTP/SAVP negotiation elements.</p>
<br><img class="image" id="task_tqz_gct_ls__image_pcj_vkf_ms" src="https://documentation.media5corp.com/download/attachments/45482024/Security_endpointDefault.png"><br>
</section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_i15_nwm_ts">Disabling DHCP Server Download</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title10" id="unique_1275578771812448111">
<h2 class="title topictitle2" id="ariaid-title10">Enabling Secure Media (SRTP) on a Specific Endpoint</h2>
<div class="body taskbody">
<section class="section prereq"><div class="tasklabel"><strong class="sectiontitle tasklabel">Before you begin</strong></div>Encrypted/secure signaling must be configured.</section>
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step stepexpand">
<span class="ph cmd">Go to <span class="keyword wintitle">Media</span>/<span class="keyword wintitle">Security</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Select Endpoint</span> selection list, choose an endpoint. </span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> The list of available endpoints will vary depending on the type of unit
being used.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">In the <span class="keyword wintitle">Security</span>
table, from the <span class="keyword wintitle">Mode</span>
drop box, select <span class="keyword wintitle">Secure</span> or <span class="keyword wintitle">Secure with fallback</span>.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">From the <span class="keyword wintitle">Key Management Protocol</span> drop
box, select the protocol. </span>
<div class="itemgroup info">
<div class="note note note_note"><span class="note__title">Note:</span> Enabling <span class="keyword wintitle">SDES</span>
instead of <span class="keyword wintitle">MIKEY</span>
will make the SIP INVITEs slightly different. Choosing the <span class="keyword wintitle">SDES</span> protocol will add
the <samp class="ph msgph">a=crypto</samp> line within the SDP Media Attributes while
choosing the <span class="keyword wintitle">MIKEY</span>
protocol will add the <samp class="ph msgph">a=key-mgmt:mikey</samp> line within the SDP
Session Attributes.</div>
</div>
</li><li class="li step stepexpand">
<span class="ph cmd">From the
drop box, select the <var class="keyword varname">AES_CM_128</var> encryption algorithm.</span>
</li><li class="li step stepexpand">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>
<p class="p">All new SIP exchanges going through the specified endpoint will contain RTP/SAVP negotiation elements.</p>
<br><img class="image" id="unique_1275578771812448111__image_ppc_gnl_fhb" src="https://documentation.media5corp.com/download/attachments/45482024/Security_endpointSpecific.png"><br>
</section>
</div>
</article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic nested0 nobody" aria-labelledby="ariaid-title11" id="topic_title_Configuration_Files_d1e25">
<h1 class="title topictitle1" id="ariaid-title11">Configuration Files</h1>
<article class="topic task nested1" aria-labelledby="ariaid-title12" id="task_i15_nwm_ts">
<h2 class="title topictitle2" id="ariaid-title12">Disabling DHCP Server Download</h2>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">Management</span>/<span class="keyword wintitle">Configuration Scripts</span>.</span>
</li><li class="li step">
<span class="ph cmd">In the <span class="keyword wintitle">Automatic Script
Execution</span>
table, set <span class="keyword wintitle">Allow DHCP to Trigger Scripts
Execution</span> to <span class="keyword wintitle">Disable</span>.</span>
</li><li class="li step">
<span class="ph cmd">Click <span class="keyword wintitle">Apply</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div><p class="p">Ensures that no one can send a new configuration file to the unit if the DHCP server is compromised.</p>
<br><img class="image" id="task_i15_nwm_ts__image_mqm_mxm_ts" src="https://documentation.media5corp.com/download/attachments/45482024/AutomaticScriptExecution_DHCPTrigger_Disable.png" width="800"><br>
</section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_atj_cfn_ts">Configuring a Privacy Key</a></li></ul></div></nav></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested1" aria-labelledby="ariaid-title13" id="task_atj_cfn_ts">
<h2 class="title topictitle2" id="ariaid-title13">Configuring a Privacy Key</h2>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Go to <span class="keyword wintitle">Management</span> >
<span class="keyword wintitle">Configuration Scripts</span>.</span>
</li><li class="li step">
<span class="ph cmd">In the <span class="keyword wintitle">Execute Scripts</span>
table, set a privacy key of your choosing in the <span class="keyword wintitle">Privacy Key</span> field.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The unit will only accept scripts that have been encrypted with this privacy key.
The privacy key also ensures that the files are encrypted when using unsecure transfer
mode (HTTP,TFTP,FTP).</section>
</div>
<nav role="navigation" class="related-links"><div class="linklist relinfo reltasks"><div class="linklistlabel"><strong class="sectiontitle linklistlabel">Next Step</strong></div><ul class="linklist"><li class="linklist"><a class="link" href="#task_ytj_mlh_ts">Disabling Partial Reset - ResetButtonManagement</a></li></ul></div></nav></article></article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic task nested0" aria-labelledby="ariaid-title14" id="task_ytj_mlh_ts">
<h1 class="title topictitle1" id="ariaid-title14">Disabling Partial Reset - ResetButtonManagement</h1>
<div class="body taskbody">
<section><div class="tasklabel"><strong class="sectiontitle tasklabel">Steps</strong></div><ol class="ol steps"><li class="li step">
<span class="ph cmd">Open CLI (Command Line Interface).</span>
</li><li class="li step">
<span class="ph cmd">Set <span class="keyword parmname">ResetButtonManagement</span> to
<span class="keyword parmname">DisablePartialReset</span>.</span>
</li></ol></section>
<section class="section result"><div class="tasklabel"><strong class="sectiontitle tasklabel">Result</strong></div>The Mediatrix unit will no longer partially reset the unit. </section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title15" id="reference_qxj_1hh_ts">
<h1 class="title topictitle1" id="ariaid-title15">Requirements</h1>
<div class="body refbody">
<section class="section"><h2 class="title sectiontitle">CLI</h2>
<p class="p">Make sure the Telnet access is disabled. You can look at the Cli.EnableTelnet variable to
verify if Telnet connections are allowed. The access is disabled by default.</p>
</section>
<section class="section"><h2 class="title sectiontitle">Additional considerations</h2>
<ul class="ul" id="reference_qxj_1hh_ts__ul_u5c_f3h_ts">
<li class="li">In the initial configuration of the unit, review the users and change their passwords
and access rights according to your security policy.</li>
<li class="li">On FXS devices, the Vocal Unit Information allows a caller on an FXS port to dial codes
to get information on the unit like the IP addresses and the MAC address. It is
recommended to turn this feature off to prevent attackers from gaining information on the
Mediatrix unit setup.</li>
</ul>
</section>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic reference nested0" aria-labelledby="ariaid-title16" id="reference_j4g_nbv_gfb">
<h1 class="title topictitle1" id="ariaid-title16">Online Help</h1>
<p class="shortdesc"><span class="ph">If you are not familiar with the meaning of the fields and
buttons, click <span class="keyword wintitle">Show Help</span>, located at the upper right corner of
the Web page. When activated, the fields and buttons that offer online help will
change to green and if you hover over them, the description will bedisplayed.</span></p>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title17" id="concept_v4k_q3h_1r">
<h1 class="title topictitle1" id="ariaid-title17">DGW Documentation</h1>
<div class="body conbody"><p class="shortdesc">Mediatrix devices are supplied with an exhaustive set of documentation. </p>
<p class="p">Mediatrix user documentation is available on the <a class="xref" href="http://documentation.media5corp.com" target="_blank">Media5 Documentation
Portal</a>.</p>
<div class="p">Several types of documents were created to clearly present the information you are looking for.
Our documentation includes:<ul class="ul" id="concept_v4k_q3h_1r__ul_bqy_cjh_1r">
<li class="li"><strong class="ph b">Release notes</strong>: Generated at each GA release, this document includes the known and
solved issues of the software. It also outlines the changes and the new features the release
includes.</li>
<li class="li"><strong class="ph b">Configuration notes</strong>: These documents are created to facilitate the configuration of a
specific use case. They address a configuration aspect we consider that most users will need to
perform. However, in some cases, a configuration note is created after receiving a question
from a customer. They provide standard step-by-step procedures detailing the values of the
parameters to use. They provide a means of validation and present some conceptual information.
The configuration notes are specifically created to guide the user through an aspect of the
configuration. </li>
<li class="li"><strong class="ph b">Technical bulletins</strong>: These documents are created to facilitate the configuration of a
specific technical action, such as performing a firmware upgrade.</li>
<li class="li"><strong class="ph b">Hardware installation guide</strong>: They provide the detailed procedure on how to safely and
adequately install the unit. It provides information on card installation, cable connections,
and how to access for the first time the Management interface.</li>
<li class="li"><strong class="ph b">User guide</strong>: The user guide explains how to customise to your needs the configuration
of the unit. Although this document is task oriented, it provides conceptual information to
help the user understand the purpose and impact of each task. The User Guide will provide
information such as where and how TR-069 can be configured in the Management Interface, how to
set firewalls, or how to use the CLI to configure parameters that are not available in the
Management Interface.</li>
<li class="li"><strong class="ph b">Reference guide</strong>: This exhaustive document has been created for advanced users. It
includes a description of all the parameters used by all the services of the Mediatrix units.
You will find, for example, scripts to configure a specific parameter, notification messages
sent by a service, or an action description used to create Rulesets. This document includes
reference information such as a dictionary, and it does not include any step-by-step
procedures. </li>
</ul></div>
</div>
</article><hr><span style="float: inline-end;"><a href="#">Top</a></span><article class="topic concept nested0" aria-labelledby="ariaid-title18" id="concept_fqm_rv4_k4">
<h1 class="title topictitle1" id="ariaid-title18">Copyright Notice</h1>
<div class="body conbody"><p class="shortdesc">Copyright © 2023 Media5 Corporation.</p>
<p class="p">This document contains information that is proprietary to Media5 Corporation.</p>
<p class="p">Media5 Corporation reserves all rights to this document as well as to the Intellectual Property
of the document and the technology and know-how that it includes and represents.</p>
<p class="p">This publication cannot be reproduced, neither in whole nor in part, in any form whatsoever,
without written prior approval by Media5 Corporation.</p>
<p class="p">Media5 Corporation reserves the right to revise this publication and make changes at any time
and without the obligation to notify any person and/or entity of such revisions and/or
changes.</p>
</div>
</article></article></main></body></html> |
