• Home
  • Hardware & Software

Change Transport Type on Devices to TLS

Written by Marissa Orsini

Updated at April 25th, 2023

Contact Us

  • The Essentials
    FAQs Forms
  • Announcements
    Carrier Events mFax Events Platform Events Release Notes
  • Billing Administration
    Datagate OneBill
  • Faxing
    mFax - Analog mFax - Digital Native Fax
  • Hardware & Software
    Manual Configuration Provisioning NDP Axis Cisco Fanvil Grandstream Polycom Snom Yealink Mobile Applications Desktop Applications Mobile-X SNAPbuilder TeamMate Connector UC Integrator
  • Hosted Voice
    Auto Attendants Branding Call Queues Call Routing CDRs Conferencing E-911 Features Fraud Integrations Inventory / Phone Numbers Local & Toll Free Porting Onboarding Recommendations SNAP.HD SIP Trunking SMS / MMS Users Voicemail Caller ID
  • Troubleshooting
    VoIPmonitor Firewalls PBX
  • Ray's Stuff
+ More

Table of Contents

Scope Requirements Overview Currently Supported Models Enable TLS via Manager Portal Enable TLS via Domain Overrides Overrides For Enabling SIP Signalling over TLS

Scope

Intended Audience: All End Users

This document provides a list of overrides that you will need to enable SIP Signalling over TLS.

 

Requirements

Office Manager access to the Manager Portal

 

 

Overview

Our core servers support TLS (Transport Layer Security) which is a form of encrypting communication for SIP Signalling between the hard phone and the core.  TLS is an effective measure to increase the security of SIP Signalling communication between the client and the server.   SIP Signalling may also be configured on the Trunk on your on-premises PBX and not limited to the phone which requires ISRG ROOT X1 CA to work.  Our server will listen on port 5061.  

Currently Supported Models

Below is a list of phones and their respective supported firmware that we have tested with TLS.  If your phone is not on the list, ensure that the phone's firmware has CA support for ISRG Root X1 certificate.

Model Minimum Required Firmware
T27G 69.85.0.22 
T46S, T48S, T42S, T41S 66.85.0.22
T53W, T54W, T53, T57W 96.85.0.22
CP920 78.85.0.22
T46U, T48U,T43U,T42U 108.85.0.22
T58V, T56A 58.85.0.22
VP59 91.85.0.22
CP960 73.85.0.22
SNOM D7X 10.1.73 as tested,
GRP2600 1.0.5.45 as tested
Polycom VVX 5.9.6 + as tested

Enable TLS via Manager Portal

  1. Log in to the Manager Portal
     
  2. Navigate to Inventory > Phone Hardware

     
  3. Click the pencil icon on the right
    NOTE: Do not click the MAC Address as this will open SNAPbuilder

     
  4. Select the Advanced tab
     
  5. Click the Transport Method to TLS

     
  6. Alternatively, you can bulk-edit phones and change the Transport Method of the selected phones to TLS
     
  7. Click Save and Resync to apply your changes to the phone
    NOTE: The phone will reboot

Enable TLS via Domain Overrides

  1. Log in to the Manager Portal
     
  2. Navigate to the domain
     
  3. Click Edit Domain
     
  4. Click Defaults tab
     
  5. Scroll all the way down, Enter the overrides to enable TLS in the Domain Defaults

    Example: To enable TLS for Yealink
     
  6. Click Save
    NOTE: Overrides should be formatted without spaces with the configuration value enclosed in quotation marks.  Phones will have to be rebooted

Overrides For Enabling SIP Signalling over TLS

  1. Polycom
device.set="1"
device.sec.TLS.profile.caCertList1.set="1"
device.sec.TLS.profile.caCertList1="Platform1"
device.sec.TLS.customCaCert1.set="1"
voIpProt.server.1.transport="TLS"
voIpProt.SIP.outboundProxy.transport="TLS"
reg.1.server.1.port="5061"
reg.1.server.2.port="5061"
reg.1.server.1.transport="TLS"        
reg.1.server.2.transport="TLS"        
reg.1.server.3.transport="TLS"
  1. The following must be added on the domain or device level if you're toggling the TLS via Inventory -> Phone Hardware. 
device.set="1"
device.sec.TLS.profile.caCertList1.set="1"
device.sec.TLS.profile.caCertList1="Platform1"
device.sec.TLS.customCaCert1.set="1"
  1. Yealink
account.1.sip_server.1.transport_type="2"
  1. SNOM 
transport=tls,sbc.ucaasnetwork.com
  1. Grandstream
P29095="1"
P29195="1"
P29295="1"
P29395="1"
P29495="1"
P29595="1"
P183="3"
P443="3"
P543="3"
P643="3"
P1743="3"
P1843="3"

 

device change tls transport

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • View Phone's Contact IP

Knowledge Base Software powered by Helpjuice

Expand