With the Endpoint Policy Group feature, you can create Policy Sets and Policy Groups. A Policy Set is an association of individual, SIP signaling-specific security policies or rule sets, such as application, border, media, security, signaling, and ToD. A Policy Group is comprised of one or more Policy Sets. Policy Sets and Policy Groups aggregate and simplify the application of Avaya SBC security features to specific types of SIP signaling messages traversing through the enterprise.
As various types of signaling traffic pass through the enterprise, the Avaya SBC security product exhaustively inspects traffic. The Avaya SBC then compares the traffic with the criteria defined by the active Policy Group, as determined by the constituent ToD policy. The specific Policy Set that the packets are compared to is determined by the order in which the Policy Sets are placed in the parent Policy Group. Packets are usually placed in the Policy Group in the order beginning with most restrictive to least restrictive.
The packets are compared to each Policy Set in the Policy Group prioritized list from top to bottom beginning with the most restrictive down to the least restrictive. After finding a Policy Set match for a packet, Avaya SBC further qualifies the match by:
When Policy Sets have ToD rules that match, the Policy Set number is used for the final selection, and the higher priority number wins. The selected Policy Set is applied to the packet and an action is taken.
When a match is found, one of three possible actions is taken, depending upon the policies defined in the Policy Group:
ALLOW: allows the packet to proceed to its destination without applying any security features.
DENY: immediately blocks the packet.
APPLY: applies the security features defined by the Policy Sets.
Note:
The user can add different Policy Sets with different ToD rules in the same Endpoint Policy Group.
Based on each ToD rule, a different security configuration can be applied to an incoming message.
