This knowledge base will soon be replaced with https://help.sangoma.com/.
To ensure continued access to our resources, update your bookmarks or links to https://help.sangoma.com/.



What security is used on the StarBox® Voice Optimized SD-WAN?

Edited: 08/01/2022
Access: Everyone
Supports: Business Voice, Business Voice+

StarBox® Voice Optimized SD-WAN Security

The StarBox® Voice Optimized SD-WAN has multiple levels of security, including packet filtering on all available interfaces. In addition to only allowing specific traffic to specific services, the StarBox® Voice Optimized SD-WAN only allows inbound traffic from Star2Star's range of IP addresses.

If the packets are destined for the telephony network, we verify that they are in-fact telephony packets. Also, since the phones are not given a publicly reachable ip address (being behind our StarBox® Voice Optimized SD-WAN), they are protected. Without having a world-reachable ip address, they are protected from attacks originating off the customers network.

If the packets are destined for the data network, the StarBox® Voice Optimized SD-WAN allows the traffic to pass untouched to the customer defined DMZ host. The customer must configure a firewall or similar device to apply security measures to inbound data traffic.

If the customer has not defined a DMZ host in the StarBox® Voice Optimized SD-WAN configuration, the StarBox will simply drop any packets that are not of the voice classification or Star2Star administration classification.

All of the administration services running on a StarBox® Voice Optimized SD-WAN are encrypted. The connection between the StarBox® Voice Optimized SD-WAN and the Datacenter is encrypted and protected by 2048 bit public/private key exchange.

The StarBox® Voice Optimized SD-WAN software image is read only on disk and is cryptographically signed using SHA1. On every startup, this signature is verified before the image is booted. If the verification fails the bootloader can attempt to download a new image. If this also fails the StarBox will refuse to boot. In the event of any boot errors, there are multiple rescue options available from the bootloader.

The StarSystem® VLAN architecture separates the voice and data networks, thereby providing another buffer between the "untrusted" internet link and the customers data network.

Click here to access the StarBox® Voice Optimized SD-WAN Security Features guide.

Select the appropriate link below for access to StarAcademy Training.       

up
117 users have voted.

Technical Support

If you have any technical questions or need to get in touch with Tech Support, please email us at service@sangoma.com to open a ticket.

Customers With Disabilities

Sangoma values its customers with disabilities. If you are in need of assistance with a Sangoma service or feature, please email service@sangoma.com.

Website Suggestion

Do you have a suggestion about our Knowledge Base website, let us know?