14.3.3.1. General Information 
- Secure
-
If Proxy and/or Registrar, Inbound proxy and/or Outbound proxy are configured via the WBM, each incoming call is checked if the partner address is configured. If not, the call is rejected (with 403 Forbidden).Hint: when not using profiles for native SIP Trunk there is no checking against the partner IP making the gateway vulnerable to SIP calls being spoofed. It must be then ensured the gateway is protected in other ways e.g. using VLAN separation from client network etc.
- The right profile for the right partner
-
Trunk profiles are already tailored to the specific needs of a SIP trunk partner, e.g. if in an outgoing FROM header account or call number should be sent.Generic Profiles are available where a partner is not certified.
- DNS SRV support
-
DNS SRV propagates via DNS which IP-based services (e.g. SIP) in a domain (e.g. SIP provider domain) are provided. More than one partner IP address can be configured using DNS/ SRVDNS SRV timeout is influenced by two factors:Transaction timeout configured in:
- RFC 3261 Timer Values
- WBM-Voice Gateway-SIP Parameters-RFC 3261 Timer Values-Transaction timeout
Blocking timeout- DNS-SRV Records / SIP Flooding Defense
- WBM-Voice Gateway-SIP Parameters-Blocking time for unreachable destination/flood defense
For example, if DNS SRV contains two partners IP addresses, IP1 and IP2, when there is no answer at an Invite to IP1, for UDP only the GW retransmits the request, until timeout. First after 500ms, then doubles the interval after each retransmission. Then, after transaction timeout, IP2 is contacted, for current and next transactions, for the period of "blocking timeout" and IP1 is banned.Notes: - Only one profile can be activated.
- Trunk profiles “Use Profiles for Trunks via Native SIP” may only be deactivated for test purposes.
- The outbound proxy must be configured if a Session Border Controller (SBC) is used for LAN/WAN Nat-Traversal.