Allo.com Stm User manual

STM User Manual

www.allo.com Version 1.0 1

STM User Manual

www.allo.com Version 1.0 2

Copy Right

No part of this publication may be copied, distributed, transmitted, transcribed, stored in a

retrieval system, or translated into any human or computer language without the prior written

permission of http://www.allo.com. This document has been prepared for use by professional

and properly trained personnel, and the customer assumes full responsibility when using it.

Proprietary Rights

The information in this document is Confidential to Allo.com and is legally privileged. The

information and this document are intended solely for the addressee. Use of this document by

anyone else for any other purpose is unauthorized. If you are not the intended recipient, any

disclosure, copying, or distribution of this information is prohibited and unlawful.

Disclaimer

Information in this document is subject to change without notice and should not be construed as

a commitment on the part of http://www.allo.com. And does not assume any responsibility or

make any warranty against errors. It may appear in this document and disclaims any implied

warranty of merchantability or fitness for a particular purpose.

STM User Manual

www.allo.com Version 1.0 3

About this manual

This manual describes the Allo product application and explains how to work and use it major

features. It serves as a means to describe the user interface and how to use it to accomplish

common tasks. This manual also describes the underlying assumptions and users make the

underlying data model.

Document Conventions

In this manual, certain words are represented in different fonts, typefaces, sizes, and weights.

This highlighting is systematic; different words are represented in the same style to indicate their

inclusion in a specific category. Additionally, this document has different strategies to draw User

attention to certain pieces of information. In order of how critical the information is to your

system, these items are marked as a note, tip, important, caution, or warning.

Icon

Purpose

Note

Tip/Best Practice

Important

Caution

Warning

Bold indicates the name of the menu items, options, dialog boxes, windows and functions.

The color blue with underline is used to indicate cross-references and hyperlinks.

Numbered Paragraphs - Numbered paragraphs are used to indicate tasks that need to be

carried out. Text in paragraphs without numbering represents ordinary information.

The Courier font indicates a command sequence, file type, URL, Folder/File name

e.g. http://www.allo.com

Support Information

Every effort has been made to ensure the accuracy of the document. If you have comments,

questions, or ideas regarding the document contact online support: http://support.allo.com

STM User Manual

www.allo.com Version 1.0 4

Table of Contents

About this manual.................................................................................................................3

Document Conventions.........................................................................................................3

Support Information .............................................................................................................3

1. Introduction ................................................................................................................. 7

1.1 . Overview....................................................................................................................7

1.1.1. Notification LEDs (On the Front Panel of the STM)..................................................9

1.1.2. STM Rear View:.......................................................................................................10

1.1.3. STM Deployment Considerations...........................................................................10

2. Initial Setup & Configuration....................................................................................... 13

2.1 .Default Configuration...............................................................................................13

2.2. Accessing the WebUI....................................................................................................14

2.3. WebUI Session timeout................................................................................................16

2.4. WebUI Settings.............................................................................................................16

2.5. Dashboard ....................................................................................................................17

3. Device Configuration .................................................................................................. 19

3.1. General Settings ...........................................................................................................20

3.2. Time Settings................................................................................................................22

3.3. Management Access ....................................................................................................22

3.4. Signature Update .........................................................................................................24

3.5. Logging .........................................................................................................................25

Contents

STM User Manual

www.allo.com Version 1.0 5

4. Security Settings ......................................................................................................... 27

4.1. SIP Attacks Detection ...................................................................................................27

4.2. SIP Servers....................................................................................................................33

4.3. SIP Settings...................................................................................................................34

4.4. SIP Monitoring..............................................................................................................38

4.5. Call Blocker Rules .........................................................................................................38

4.6. Firewall Rules ...............................................................................................................41

4.7. Firewall Settings ...........................................................................................................42

4.8. Whitelist IP Addresses..................................................................................................43

4.9. Blacklist IP Addresses ...................................................................................................45

4.10. Dynamic Blacklist IP Addresses ..................................................................................46

4.11. Geo IP Filters ..............................................................................................................46

5. Logs............................................................................................................................ 48

5.1. Security Alerts ..............................................................................................................48

5.2. Call Blocker Logs...........................................................................................................50

5.3. SIP Monitoring Logs......................................................................................................50

5.4. System Logs..................................................................................................................51

6. Tools .......................................................................................................................... 53

6.1. Administration..............................................................................................................53

6.2. Diagnostics ...................................................................................................................54

6.3. Ping...............................................................................................................................55

6.4. Trace route...................................................................................................................55

6.5. Troubleshooting ...........................................................................................................56

6.6. Firmware Upgrade .......................................................................................................57

STM User Manual

www.allo.com Version 1.0 6

6.7. Logs Archive .................................................................................................................58

7. Frequently Asked Questions (FAQs) ............................................................................ 59

8. Glossary ..................................................................................................................... 60

9. Appendix A –Using Console Access............................................................................. 64

10. Appendix B –Configuring STM IP Address via Console............................................... 65

STM User Manual

www.allo.com Version 1.0 7

1. Introduction

1.1. Overview

This User manual describes the steps involved in setting up the allo STM Appliance. Allo STM is

an appliance based VoIP threat prevention solution dedicated to protect the SIP based

PBX/Telecom Gateway/IP Phones/Mobile device deployments. The appliance runs the Real time

Deep Packet Inspection on the SIP traffic to identify the VOIP attack vectors and prevents the

threats impacting the SIP based devices. The appliance has been made to seamlessly integrate

with the existing network infrastructure and reduces the complexity of deployment.

The appliance feature set includes,

Analyze SIP packets using the Realtime Deep Packet inspection engine.

SIP Protocol Anomaly detection with configurability of detection parameters.

Detection and Prevention of the following categories of SIP based Attacks.

Reconnaissance attacks ( SIP Devices Fingerprinting, User enumeration, Password

Cracking Attempt )

Dos/DDos Attacks

Cross Site Scripting based attacks.

Buffer overflow attacks

SIP Anomaly based attacks

3rd Party vendor vulnerabilities

Toll Fraud detection and prevention

Protection against VOIP Spam & War Dialing

Introduction

STM User Manual

www.allo.com Version 1.0 8

Attack response includes the option for quietly dropping malicious SIP packets to help

prevent continued attacks

Dynamic Blacklist Update service for VOIP, SIP PBX/Gateway Threats

Configurability of Blacklist/White list/Firewall rules.

Support for Geo Location based blocking.

Provide the option to secure against PBX Application vulnerabilities

Operate at Layer 2 device thus transparent to existing IP infrastructure - no changes

required to add the device to your existing network

Web/SSL based Device Management Access which will allow managing the device

anywhere from the Cloud.

Ability to restrict the device management access to specific IP/Network.

Provide System Status/Security events logging option to a remote Syslog server.

Provides the SIP throughput up to ~10Mbps.

Support for Signature update subscription and automated signature update mechanism.

The device has been made to operate with default configuration with just powering on

the device. No administrator intervention is required to operate the device with default

configuration.

USB based power supply

Optional support for security events logging on the USB based storage.

STM User Manual

www.allo.com Version 1.0 9

Technical Specifications

Functional Mode

Transparent Firewall with SIP Deep Packet Engine.

SIP Intrusion/Prevention

~400+ SIP Attack Signatures Support

Throughput

~10Mbps

No of concurrent calls supports

Up to 50 concurrent calls

Logging

Local Security Event Console, Remote Syslog

Device Management

Web GUI via Https & SSH CLI

Hardware

MIPS based 32bit Processor Single core, 300MHz

Primary Storage

16 MB Flash

RAM

64MB

Secondary Storage

USB Storage devices support for logging ( Optional)

Interfaces

Two Fast Ethernet Interfaces.

1.1.1. Notification LEDs (On the Front Panel of the STM)

Figure 1: Front Panel LED Notifications

STM User Manual

www.allo.com Version 1.0 10

The STM package includes:

1 STM Appliance

1 USB Power Adapter

1 Serial Console Cable

2 Ethernet Cables

1.1.2. STM Rear View:

Figure 2: STM Rear View

1.1.3. STM Deployment Considerations

The STM has been made to protect the SIP based PBX/Gateway Servers against SIP based

network threats and anomalies. Thus it is recommended to deploy the STM along with the

PBX/Gateway deployment as given in the following scenarios based on what is applicable in the

user’s setup.

Deployment Scenario 1

Figure 3: Scenario 1

Other manuals for STM

Table of contents

Other Allo.com Firewall manuals

Allo.com

Allo.com UTM User manual

Popular Firewall manuals by other brands

Fortinet

Fortinet FSM-500F Configuration guide

Cisco

Cisco Meraki MX100 installation guide

Cisco

Cisco S190 quick start guide

Fortinet

Fortinet FortiGate Voice Series install guide

SecureLogix

SecureLogix ETM System installation guide

Huawei

Huawei USG6000 Series Upgrade guide

NETGEAR

NETGEAR ProSafe FVX538 Reference manual

Lanner

Lanner FW-8877 user manual

Nexcom

Nexcom DNA 1150 user manual

Cisco

Cisco 3110 Hardware installation guide

Fortinet

Fortinet FortiGate-60 series install guide

ADTRAN

ADTRAN NetVanta 2300 Specifications

Swisscom

Swisscom Internet Backup manual

SonicWALL

SonicWALL NSa 5700 quick start guide

DPtech

DPtech FW1000 SERIES Maintenance manual

FEITIAN

FEITIAN MultiPass FIDO product manual

Trend Micro

Trend Micro Deep Edge quick start guide

Smoothwall

Smoothwall S10 Appliance Getting started guide

Allo.com STM User manual

Popular Firewall manuals by other brands