Versions Compared

Old Version 3

changes.mady.by.user user-0f753

Saved on

compared with

New Version Current

changes.mady.by.user user-e1945

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

On first run of Snom we strongly recommend that you secure the web interface in order to protect your phone against remote attacks. Therefore the HTTP User and Password as well as the Administrator Password should be changed from the default value.

Image Modified

Setting-Up the phone for TLS

...

Your phone also acts as a client in a couple of cases. E.g. if you register to a secure SIP proxy or if you open a Action URL over HTTPS. Normally, you do not need to worry about the server identification. Snom phones do not verify server identities by default. From FW version 8.2.30 you can explicitly state to verify server certificates though. You can activate the feature on the certificates page of the web interface:

Image Modified

Please carefully enable the feature. The phone will reject all secure connections of peers offering an unknown certificate that could not be verified by one of build-in CA's of the snom phone. Please refer to the Certificate Authorities tab to see which authorities are supported by the phone. Due to security concerns, you can only disable the feauture by resetting the phone to the factory defaults.

...

A certificate is trusted if its signature is signed by a certificate authority. Snom has pre-installed a couple of CA's which are listed on the Certificate Authorities tab of the Certificates page:

Image Modified

All rejected certificates are listed in the Unknown Certificates tab. If you persist on trusting the identification you can add it as an exception:

Image Modified

Henceforward, the certificate is listed in the Server Certificates tab and a connection to this identification is no longer rejected. Currently, this is the only way to add unknwon server certificates to the phone.

When a certificate is upgraded on Privateserver

When a If one certificate is upgraded or change was performed on your

Brand
brandserver
, on a SNOM phone try to re-register from configuration identitythen you got into the case explained in this section introduction: new certificate needs to be accepted as exception. Since this is a server side change with no explicit  notification to SNOM client, in order to update the client's certification setup you need to force it connecting again. This can be done using "Re-register" button shown in first image of "Basic configuration" paragraph below (which shows identity tab setup), action that forces your SNOM phone to re-register and thus negotiate server's certificate. After that action has been taken, the upgraded certificate will result as unknown thus SNOM phone will not be able to pull the certificate from the CA chain, the phone will not be listed as "Unknown" and since SNOM phone cannot follow the certificate chain, then it wouldn't be able to connect to privateserver. The upgraded certificate will be listed in the Unknown Certificates tab.Please follow the procedure of adding unknown certificate described above.
Brand
brandserver
Please follow "Adding unknow certificate" section above to accept it and make your SNOM client re-register again. Now it should connect all right.

Manually Uploading Certificates

...

Warning

The official firmware supported by PrivateWave

Brand
brandcompany
is 8.4.35 .

a. Open the Web User Interface of the snom and navigate to the Software Update page.

...

After that, the phone is upgraded to version 8.4.35.

Basic Configuration

...

Open the Web User Interface of the SNOM

Step 1Step 2

Navigate to the Setup/Identity1 page, login tab:

  • Set Account, Authentication Username and password with the correct
    data that you have.
  • Set Registrar with the IP Address (or DNS) of Server Sip.
  • Set Outbound Proxy in this form : ‘sips:ip_of_the_srv(or dns):5061’

Goto in the Setup/Identity1 page, SIP tab:

  • Set Support Broken registrar to ON. 
  • DTMF via SIP Info set to ON.
Image ModifiedImage Modified
Step 3Step 4

Goto in the Setup/Identity1 page, RTP tab:

  • Set RTP Encryption to ON.
  • Set SRTP Auth-tag to AES-32.
  • Set RTP/SAVP to Mandatory.
  • Set Packet Size to 20ms.
  • Set Media Transport Offer to UDP.

Goto in the Certificates:

  • Enable the server identity check in TLS connection by pushing the "TLS" button in
    "Unknown Certificates".
Image Modified 

Advanced Configuration of the SNOM 300/320:

...

Step 1Step 2

Navigate to the Setup/Function Keys page:

  • Choose a dial pad button to edit (in the example it's P5)
  • Click on the drop-down menu of the "Action" (i.e. the second column)

 

  • Choose "DTMF"
  • Save by pushing the "Save" button at the bottom of the form
Image ModifiedImage Modified
Step 3Step 4
Insert the "*1*" string in the third column: These DTMF activate the transfer mode.

Act the same way for another dial button (i.e. P4) but this time insert the "*3*" DTMF

train: this one activates the "3-way call"

Image ModifiedImage Modified