About configuring SNI groups

Last Updated: Jan 25, 2020

A Server Name Indication (SNI) group is a collection of TLS profiles. The functionality of an SNI group depends on whether the Avaya SBC is acting as a client or as a server during the communication.

Avaya SBC as a server

When a client sends a handshake packet to the Avaya SBC server, the Avaya SBC server checks the SNI string, depending on the Server Profiles option in TLS Management > Server Profiles. The Avaya SBC server accepts the handshake packet and allows the communication only if the SNI string from the client matches the Subject Alternative Name (SAN) and Common Name (CN) fields of the server certificate.

Avaya SBC as a client

To enable SNI from the Avaya SBC client, enable Extended Hostname Verification in TLS Management > Client Profiles and provide the Server Hostname. The Avaya SBC client then sends an SNI request to the server with the Server Hostname as the SNI string. If the Extended Hostname Verification field is not enabled, Avaya SBC sends the SIP Server IP Address in the handshake request packet. Communication between the client and the server depends on the configuration on the server side.

Note:
  • If the Avaya SBC client sends a handshake packet with an empty Server Hostname and with the SIP server IP address, the TLS client profile cannot be associated with the reverse proxy policy.

  • If Extended Hostname Verification is not required for the client-server handshake, Avaya recommends that you configure the IP address in the IPAddress/FQDN field in Services > SIP Servers for DNS resolution and routing of the PPM traffic.

  • If Extended Hostname Verification is required for the client-server handshake, Avaya recommends that you configure the IP address in the IPAddress/FQDN field in Services > SIP Servers and provide the Server Hostname so that the Extended Hostname Verification feature works properly.

  • If the TLS certificate in the SNI group matches the server_name of the SNI request from the client, Avaya SBC replaces the certificate in the TLS profile with the certificate of the SNI request received from the client.
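
The server-side check and the SNI group lookup in the last note can be sketched as follows. This is an added illustration, not Avaya code: the `TlsProfile` model, the function names and the sample hostnames are hypothetical, a match against either a SAN DNS entry or the CN is assumed to be sufficient, and wildcards are assumed to cover only the left-most label.

```python
import ipaddress
from typing import NamedTuple, Optional, Sequence

class TlsProfile(NamedTuple):      # hypothetical model of one profile in an SNI group
    name: str
    cn: str
    san_dns: tuple

def _is_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p == h:
        return True
    pl, hl = p.split("."), h.split(".")
    # Require at least three labels so a pattern such as '*.com' never matches.
    return pl[0] == "*" and len(pl) == len(hl) and len(pl) > 2 and pl[1:] == hl[1:]

def select_profile(sni_group: Sequence[TlsProfile], server_name: str) -> Optional[TlsProfile]:
    """Return the first profile whose certificate names cover server_name, else None."""
    # An empty name or an IP literal is not a hostname and cannot match a DNS name
    # (RFC 6066 does not permit literal IP addresses in the server_name extension).
    if not server_name or _is_ip(server_name):
        return None
    for profile in sni_group:
        if any(name_matches(n, server_name) for n in list(profile.san_dns) + [profile.cn]):
            return profile
    return None

# Constructed sample SNI group (hostnames are placeholders).
SNI_GROUP = [
    TlsProfile("sip-profile", "sbc.example.com", ("sbc.example.com", "sip.example.com")),
    TlsProfile("ppm-profile", "*.ppm.example.com", ("*.ppm.example.com",)),
]

if __name__ == "__main__":
    for sni in ["SIP.example.com", "a.ppm.example.com", "a.b.ppm.example.com",
                "192.0.2.10", "other.example.net"]:
        hit = select_profile(SNI_GROUP, sni)
        print(f"{sni:22} -> {hit.name if hit else 'no match'}")
```

The IP-literal case corresponds to a client that has Extended Hostname Verification disabled: there is no hostname to compare against the certificate names, so no profile in the group is selected by name.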