SIP Profile Configuration
- Nathaniel Halbrooks
SIP Profile Overview
A SIP Profile is an account built on the SBC which contains a set of SIP attributes that are associated to the SBC itself.
The SIP profile is used as a configuration for how the external endpoints may connect to the SBC.
You bind an IP address, port, and other SIP related features to a SIP profile.
You also bind call routes, domain profiles, media profiles, and SIP trunks to SIP profiles.
A SIP profile contains SIP UA configuration.
Sangoma SBC can be configured to behave as multiple UA each with a different configuration (and therefore a different set of IP:port pair each).
SIP Profile describes information that is local to the SBC
Information needed for remote user agents to connect to Sangoma SBC.
Local listening port
Local authentication user information
Local transport info: TCP,UDP etc..
SIP Profile Configuration
You can create SIP profiles by going to “Configuration -> Signaling -> SIP Profiles”.
For the SIP profile name, use a descriptive name (no spaces) such as “internal”, “internal-network”, “external-users” etc.
*Remember a SIP profile is a SIP UA that will be used to communicate with other SIP UA (ie SIP phones) or Servers (ITSP, SIP Proxies etc)
Once you click “Create”, you will get a configuration page for the new SIP profile that allows you to specify:
all the details about your new SIP profile
including the IP information to be used,
TLS/SRTP settings, etc.
Pay special attention to the following fields:
SIP Profile Field | Description |
|---|---|
IP Address | This is the IP address where NSC will listen for calls |
Transport | Most implementations will want to leave the default “UDP+TCP”, this means SIP packets will be accepted in both UDP and TCP protocols. |
Port | Most of the time you will want to leave the default 5060 port. |
Authenticate Calls | This means any SIP calls (INVITE requests) will be accepted and not challenged. |
Routing Plan: | You have to choose the routing plan you created before () |
!Security Note: If you Disable Authenticate Calls in the SBC, take care that the remote SIP UA, eg: IP IPBX has authetication enabled.
!Security Note: if you are exposing a SIP Profile to the public internet, you may want to change its Port to something different than default 5060, in order to reduce attach exposure.
Many malicious tools scan for for 5060 to find SIP systems connected to the internet. Even though Sangoma SBC comes with several protection mechanisms to detect scans, you will be better off on the internet by using a different port.
The contextual help on each field will give you information about what each field in the SIP profile does.
When done configuring the SIP profile click “Save”.
You can now proceed to optionally bind one or more domains to this SIP profile.
When you bind a domain to a SIP profile you are attaching all the user directory of each domain bound for this SIP profile to be able to accept registrations and/or perform authentication of SIP INVITE messages based on the user/password information stored in the domain user directory (or performed via authentication forwarded according to the domain configuration).
*Note that in order to perform SIP authentication you have to set the “Authenticate Calls” parameter to “Enable”.
To bind a domain to a SIP profile simply click “Bind” in the SIP profile modification page:
Then choose the domains you which to bind.
Finally click “Bind”. You will see now the domain listed in the SIP profile page.