Update Configuration Settings

To update the configuration settings:

On the MBG main page, click the System tab and click Settings.

Edit settings as required and then click Save.

Field	Description	Values
Service Parameters
TFTP enabled	MiNet devices use the TFTP protocol to fetch their firmware and applications from the MBG server. This option controls if MBG's TFTP server is enabled or disabled. Deployments without MiNet devices can safely disable this option.	Default is enabled.
DSCP setting for voice	Select the Differentiated Services Code Point (DSCP) setting to insert in the header of signaling, voice and video IP packets, enabling them to be classified and prioritized for network management purposes and to enhance Quality of Service. DSCPs are available which offer the following Per Hop Behavior (PHP): Best Effort: (0) This is the default class for all data traffic. This traffic is handled after other queues. Class Selector: (1 - 7) These values maintain backward compatibility with network devices that use the IP Precedence field. Assured Forwarding: (11 - 13, 21 - 23, 31-33, 41 - 43) These values provide assurance of delivery provided that the traffic does not exceed a prescribed rate. If the limit is exceeded, some packets may be dropped. There are four separate Assured Forwarding classes, and within each class, there are three drop probabilities. Expedited Forwarding: (46) This value is intended for voice and video services which require low delay, low loss and low jitter. Expedited Forwarding traffic typically receives priority queuing above other traffic classes. Its use is often compared to a leased line. Disabled: Turns off DSCP insertion. Note: To complete the DSCP configuration, update the MiNet and SIP port ranges, assigning some ports to voice and some to video. If you do not make this change, by default all available ports will be allotted to voice (20000-30999) and none to video.	Expedited forwarding
DSCP setting for video		Expedited forwarding
DSCP setting for signaling		Expedited forwarding
TFTP blocksize	MiNet devices use the TFTP protocol to fetch their firmware and applications from the MBG server. The TFTP blocksize defines the size of each data packet being transmitted. Options include: 512 bytes 1024 bytes 2048 bytes 4096 bytes In most cases, you can leave the TFTP block size at its default setting, 4096 bytes. However, if your MiNet devices are experiencing issues downloading firmware or HTML applications, change the setting to 1024 bytes. For more information about TFTP block size, see the Engineering Guidelines.	Default is 4096.
ICP Failure Detection	If this feature is enabled and UDP is selected as the SIP transport protocol, MBG will send SIP OPTIONS keepalive messages to each configured ICP. If an ICP fails to respond to two of these messages, MBG will mark the ICP "down" and respond to new requests by issuing a 503 Service Unavailable error message. Alternatively, if the unreachable ICP is a member of a resilient cluster, MBG will send the request to another ICP in the cluster. When the original ICP successfully responds to two SIP OPTIONS keepalive messages, MBG will mark the ICP as "up" and resume forwarding requests. If this feature is disabled, MBG will mark all configured ICPs as "up," regardless of their actual availability.	Default is enabled.
SSL ciphers	Select the TLS/SSL cipher suite used to negotiate security settings and encrypt information for network connections: Default: MBG supports the "medium" and "high" encryption cipher suites, including SSLv3 and TLSv1.0 but excluding SSLv2, MD5, RC4 and DES-CBC3-SHA. TLS 1.2+: MBG supports the "high" encryption cipher suite, excluding SSLv2, SSLv3, TLSv1.0, MD5 and RC4. 8.X Compat: MBG supports the "medium" and "high" encryption cipher suites, including SSLv3 and TLSv1.0 but excluding SSLv2, MD5 and DES-CBC3-SHA. A cipher suite is a set of cryptographic algorithms which are employed to create a key (shared secret) and encrypt information for a communications session. Before the session is established, the MBG server and the client negotiate between each other and select the best available cipher suite. If they cannot reach agreement on a cipher suite, the network connection is disallowed.	Default is Default. Notes: TLS 1.2+may result in compatibility issues with older Mitel devices and softphones. Its use may be required in order to proprietary information security standards such as PCI DSS. WebRTC always presents TLS 1.2+ ciphers on its public interface port (TCP port 5063). WebRTC uses this option on its private interface when the security mode is set to "public and private". It must be restarted for the change to take effect. 8.1 Compat should be used when you are upgrading the nodes in an MBG cluster from MBG 8.1 to MBG 9.2 or later software. First upgrade the master node and program it with 8.X Compat ciphers. Then upgrade the slave nodes and program them with 8.X Compatciphers. After the upgrade is complete, program all of the nodes with Default ciphers.
Relax set RTP checks	Select this option to allow MBG to accept RTP voice packets from a different IP port than negotiated.This option may help deployments experiencing audio issues with remote sites with multiple internet gateways or with some mobile providers.	Default is Disabled.
MiNet options
MiNet support	Select one or more transport protocol(s) to use for sending requests and responses in MiNet messages: TCP: Select to allow unencrypted connections. This transport protocol is used by Mitel IP-DECT EMEA (DeTeWe) and IP-DECT Global (Ascom) phones as well as SpectraLink wireless devices. It is intended for debugging purposes; enable it only when directed to do so by Mitel product support. TCP/PSK: Select to allow "pre-TLS" connections. This transport protocol is used by legacy MiNet devices such as 50xx-series IP Phones, the 5550 TKB, and softphones such as the MiVoice Business Console and MiContact Center. TCP/TLS: Select to allow TLS connections. This transport protocol is used by MiNet devices that use Transport Layer Security, such as 52xx- and 53xx-series IP Phones. Notes: Add MiNet phones to the MiNet Device List. If your implementation does not include any MiNet phones, disable all MiNet support transport protocols to prevent MBG from listening on unused ports. At least one least one transport protocol must be selected to enable MiNet support.	Default is False (disabled): TCP Default is True (enabled): TCP/PSK TCP/TLS
HTML application support	Select to allow TCP/TLS settings using port 6881. This port supports HTML applications used by MiNet phones, such as notification types. Clear this setting if your does not include any MiNet phones.	Default is enabled.
SAC Support	TCP: Select to allow unencrypted connections using SAC. This option is intended for debugging purposes; enable it only when directed to do so by Mitel product support. TCP/TLS: Select to allow TLS connections using SAC. SAC is the secondary communications channel for MiNet devices, and is usually enabled. It is used by 53xx-series IP Phones and phones with auto-labelling keys such as the 5235, 5330, 5340, 5320, 5360, 5330e, 5340e, 5320e.	Default is False (disabled): TCP Default is True (enabled): TCP/TLS
Security Profile	MBG employs SSL security with digital certificates to perform authentication and admission control of IP Phone connections with MBG. The following security profiles are available: Enhanced security mode: If your implementation is equipped exclusively with 53xx-series or later IP Phones, select this mode to enable TLS mutual authentication. This mode can only be used by hard sets (not softphones) that present a valid Mitel certificate. It blocks scanning attempts at the TLS transaction layer and provides the highest security mode possible. Accordingly, it is often used by financial institutions. Legacy mode: If your implementation includes 5010, 5020 or 52xx-series IP Phones, or MiCollab Client, or MiContact Center softphones based on the MiNET protocol, select this mode to perform standard authentication. Also select TCP/PSK as the MiNet support option. Note: After you change this setting, restart the system in order to have the sets reconnect and use the new security profile. For detailed instructions, see Stop MBG and Start MBG.	Default is Legacy mode.
Restrict MiNet devices	Select to enable the requirement for MiNET devices to be authenticated before connecting to the ICP. This means that MiNet client access is restricted to those devices that are listed on the MiNet devices page. Clear to allow clients to bypass registration at the server and be approved at the ICP. Note: Disabling this option poses a security risk.	Default is True (enabled).
Time format	Select 12- or 24-hour clock. This option can also be enabled forindividual MiNet devices.	Default is 12.
Tone Injection	With this option enabled, a configurable tone will be injected into all calls. See Tone Injection for details. Frequency sets the pitch of the tone. Duration defines the length of the tone. Interval controls the time between the played tones. Volume sets the volume of the tone. The values towards zero are louder. Mix/Mux controls whether to mix the tone into the audio stream, or replace the audio stream with the tone while playing. Direction defines whether to play the tone in the audio stream going towards: RX: the set TX: the ICP RXTX: both	Default is disabled.
Device <–> device local streaming	Select to force MiNet devices to use local streaming always. Clear to prevent MiNet devices from using local streaming. Note: If the Call recording option is enabled, and a CRE (Call Recording Equipment) is connected to MBG, local streaming would not take effect even if it is configured. If the devices are behind NAT, both of them must be behind the same NAT router for local streaming to be possible.	Default is False (disabled).
Codec support	If you are doing secure call recording and the 3rd-party call recording equipment (CRE) only supports G.711a, G.711u and G.729a, you can restrict MBG to using those codecs. If you are not operating under these limitations, you should allow MBG to use an unrestricted range of codecs. Unrestricted: MiNet devices can use G.711u, G.711a, G.729a or G.722.1. Restricted to G.729, G.711: MiNet devices can only use G.711a, G.711u or G.729a. This option can also be enabled for individual MiNet devices.	Default is Restricted to G.729, G.711.
Force set-side codec	In order to reduce the amount of bandwidth consumed on the Internet side of the connection, you can select the compression codec to apply to the voice traffic going to remote MiNET sets. Disabled to allow MiNet devices to select the codec. G.729a to force MiNet devices to use G.729 A-law. G.711u to force MiNet device to use G.711 μ-law. G.711a to force MiNet device to use G.711 A-law. This option can also be enabled for individual MiNet devices. Note: Not supported for MiCollab deployments. If this option is enabled, compression licenses are required to support transcoding from the Internet side to the ICP side.	Default is Disabled.
RTP framesize	This setting overrides the default value requested by the ICP or SIP peer request. It should be changed only if your system requires it. For more information about RTP frame size, see the Engineering Guidelines. By default, MBG uses the RTP framesize requested by the ICP or SIP peer. This setting forces the RTP framesize on the set-side of the MBG to the specified value. The default is to respect the requested framesize. This does not affect the framesize used between MBG and the ICP. This option can also be enabled for individual MiNet devices.	Default is Dynamic, meaning that the value is set by negotiation between ICP and the ICP or SIP Peer. (Default for Mitel IP devices is 20 ms.)
Ping Before Redirect Enabled	If your MBG is a member of a cluster and is operating in a network environment that supports ICMP, enable this feature to require sets to PING other MBGs in the cluster prior to attempting to establish a connection. For example, if the cluster has two MBGs, MBG1 and MBG2, and the set fails to connect with MBG2 due to a network or routing problem, MBG1 will ask the set to PING MBG2. If the set receives a response, it will immediately attempt to connect with MBG2. If the set does not receive a response, it will remain connected to MBG1. The set will not attempt to connect with MBG2 until it has received a successful PING response. The set reissues PINGs in accordance with the Retry Backoff Interval and Ping Timeout settings. Disable this feature is your MBG is not part of a cluster, or if your network environment does not support ICMP.	Default is disabled.
Reboot fallback enabled	Enable this parameter if you experience problems with MiNET sets not responding to PING requests (either success or failure). After the sets are rebooted, they should then respond to PING requests normally.	Default is disabled.
Retry backoff interval(s)	The amount of time, in seconds, that the set waits before issuing a new PING request.	Default is 60 seconds.
Ping to send	Specifies the number of Echo Request messages to send on each request.	Default is 1.
Successful pings	Specifies that the Internet Timestamp option in the IP header is used to record the time of arrival for the Echo Request message and corresponding Echo Reply message for each hop. The Count must be a minimum of 1 and a maximum of 4.	Default is 1.
Ping packet size	Specifies the length, in bytes, of the Data field in the Echo Request messages. The default is 64. The maximum size is 65,527.	Default is 64 bytes.
Ping Timeout	Specifies the amount of time, in milliseconds, to wait for the Echo Reply message that corresponds to a given Echo Request message to be received. If the Echo Reply message is not received within the timeout, a "Request timed out" error message is issued and the set remains connected to the local MBG.	800 ms (0.8 seconds)
SIP options
SIP support	Select one or more SIP transport Protocol to use for sending requests and responses in SIP messages: UDP TCP TCP/TLS For each Protocol that you have selected, choose which interface the SIP connector listens to by selecting an Access Profile: Private: The SIP connector listens on the LAN interface. Public: The SIP connector listens on the LAN and WAN interfaces. Third interface only: The SIP connector listens on the third interface only (used when MBG has two LAN interfaces, one of which is connected to a SIP trunk). WAN-reachable IPs only: The SIP connector listens on the WAN interface only. For example, to restrict LAN-based connections to UDP while allowing WAN-based connections to use TLS, configure the following: Notes: At least one least one transport protocol must be selected to enable SIP support. TLS encrypts signaling between SIP devices, and is recommended if you enable set-side RTP security. MBG uses port 5060 for UDP/TCP and port 5061 for TLS. When you upgrade from a pre-9.0 MBG release with the SIP connector enabled, UDP will be selected by default. SIP trunking is supported both in UDP and TCP.	Protocol: default is disabled (no option selected) Access Profile: default is Public Click the Export root cert to export the root CA certificate corresponding to the currently used certificate by SIP services.
Certificate (for SIP TLS connection (TCP 5061))	The following certificate options are available: Mitel: Select this option to have MBG present a built-in Mitel certificate. Web server: Select this option to have MBG present a trusted third-party certificate uploaded in Mitel Standard Linux Web Server panel. Note: Changing this setting breaks the trust model with the existing clients, which results in failures to connect until redeployment. Particularly, the MiCollab Client Deployment profile setting for TLS server certificate validation must match the MBG setting, such as, If the MBG setting is "Mitel", the deployment profile setting for TLS-server-certificate CA must be Mitel CA. If the MBG setting is "Web server", the deployment profile setting for TLS-server-certificate CA must be Public CA.	Default is Mitel.
Registration mode	When a SIP device registers with MBG, it provides a value which controls how long its registration remains valid before the device must re-register (for example, 3600 seconds). You can accept this default behavior or you can allow MBG to impose a customized registration mode which adjusts the timer mechanisms. The following registration modes are available: Gap: Select this mode to have SIP devices use both the set-side and ICP-side registration intervals specified by MBG. For example, when a device registers with MBG, MBG will instruct the device to re-register using the Set-side registration expiry time value. After the device re-registers (which may occur prior to the timer expiring), MBG will pass the device's SIP REGISTER request to the ICP according to the ICP-side registration expiry time value. Any difference between the two values will cause a "gap" or delay between registration on the set and ICP sides of MBG. Max Set-Side: Select this mode to have SIP devices use the set-side registration interval specified by MBG. For example, when a device registers with MBG, MBG will instruct the device to re-register using the Set-side registration expiry time value. After the device re-registers, MBG will immediately pass the device's SIP REGISTER request to the ICP. Pass-Through: Select this mode to have SIP devices specify their own registration interval. After the device registers with this value, MBG will immediately pass the device's SIP REGISTER request to the ICP. Most devices provide a value of 3600 but some use 7200 or more. Note: MBG always applies Pass-Through SIP registration mode to MiCollab mobile clients SIP softphones regardless of the configured SIP registration mode.	Default is Max Set-Side. Possible problems may occur if you employ a lengthy registration expiry interval. For example, if the interval is 3600 seconds (one hour) and you take MBG offline for a software upgrade during this time, the devices will become unregistered. Until the devices re-register, they will not receive calls from the ICP. Configuring a lower registration expiry interval alleviates this problem but requires more network resources.
Set-side registration expiry time	These fields control the registration expiry timers communicated from MBG to SIP devices. If the registration mode is Gap, both the set-side and ICP-side timers are used. If the registration mode is Max Set-Side, only the set-side timer is used.	Default is 240 seconds. Permitted values range from 60 to 7200.
ICP-side registration expiry time		Default is 900 seconds.Permitted values range from 300 to 7200.
Allowed URI names	In order to determine the destination of a SIP request, MBG inspects the Request URI. If the URI contains an address belonging to MBG, the request is accepted for processing. If the URI contains any other address, MBG checks this list before accepting the request for processing. Typically, the hostnames you add to this list will be for the SIP service provider's session border controller or service domain. Separate each entry on the list with a space.
Tone Injection	With this option enabled, a configurable tone will be injected into all calls. See Tone Injection for details. Frequency sets the pitch of the tone. Duration defines the length of the tone. Interval controls the time between the played tones. Volume sets the volume of the tone. The values towards zero are louder. Mix/Mux controls whether to mix the tone into the audio stream, or replace the audio stream with the tone while playing. Direction defines whether to play the tone in the audio stream going towards: RX: the set TX: the ICP RXTX: both	Default is disabled.
SIP adaptation support	Select this option to enable customizing the SIP headers according to SIP provider requirements.	Default is disabled.
SIP adaptation receive pipeline	From the drop-down, select the pipeline to receive SIP messages.	The drop-down list contains the pipelines configured in SIP Adaptation page.
SIP adaptation send pipeline	From the drop-down, select the pipeline to send SIP messages.
KPML username	Some services, such as the RIM Mobile Voice System, insert signaling in the voice stream in the form of DTMF tones. If you wish to eliminate these tones, program a KPML subscription username and password on both the ICP and MBG. MBG will then use KPML to detect and suppress the DTMF digits that are not required. KPML username: Enter a combination of alphanumeric and special characters, up to 48 characters in length. KPML password: Enter a combination of numbers, symbols, upper and lowercase characters, up to 20 characters in length. Weak passwords such as default, admin, or username are not permitted. Note: When you update the username, you can either enter a new password or continue to use the existing password. For security reasons, the password field is always blank.
KPML password		*******
Permit weak passwords	Select to allow weak Set-side registration expiry timeto be configured for SIP devices. Disable to require strong passwords which contain a combination of letters, numbers, and punctuation (for example, Mitel*Server1!). Note: Permitting weak set-side passwords can compromise security, particularly when MBG is operating in gateway mode.	Default is Disabled (strong passwords required).
Device <–> device local streaming	Select to enable SIP devices to use local streaming. If the Call recording option is enabled, and a CRE (Call Recording Equipment) is connected to MBG, local streaming would not take effect even if it is configured. Clear to prevent SIP devices from using local streaming.	Default is False (disabled).
Device <–> trunk local streaming	Select to enable local streaming between SIP devices and SIP trunks. When Device to trunk local streaming is enabled, calls between the device and the trunk do not pass through the MBG server and therefore cannot be recorded. Note: Device to trunk local streaming takes effect only if both SIP device local streaming and SIP trunk local streaming are enabled. Clear to prevent SIP devices from using Device to trunk local streaming.	Default is False (disabled).
Codec support	If you are doing secure call recording and the 3rd-party call recording equipment (CRE) only supports G.711a, G.711u and G.729a, you can restrict MBG to using those codecs. If you are not operating under these limitations, you should allow MBG to use an unrestricted range of codecs. Unrestricted: SIP devices can use any codec that is agreed upon in SDP negotiation, such as GSM. Restricted to G.729, G.711: SIP devices can only use G.711a, G.711u, or G.729a. This option can also be enabled for individual SIP devices.	Default is Restricted to G.729, G.711.
RTP framesize	This setting overrides the default value requested by the ICP or SIP peer request. It should be changed only if your system requires it. For more information about RTP frame size, see the Engineering Guidelines. By default, MBG uses the RTP framesize requested by the ICP or SIP peer This setting forces the RTP framesize on the set-side of the MBG to the specified value. The default is to respect the requested framesize. This does not affect the framesize used between MBG and the ICP. This option can also be enabled for individual SIP devices.	Default is Dynamic, meaning that the value is set by negotiation between ICP and SIP Peer.
Set-side RTP security	This setting controls whether streaming between MBG and the TeleWorker SET device should be encrypted (SRTP) or not encrypted (RTP); refer to the MBG Engineering Guidelines for further details.
Inbound	SRTP or RTP: Accept any inbound SRTP or RTP offers on the TeleWorker SET-side. SRTP only: Accept ONLY inbound SRTP offers on the TeleWorker SET-side – reject inbound RTP offers on the SET side. RTP only: Accept ONLY inbound RTP offers on the TeleWorker SET-side – reject inbound SRTP offers on the SET side. Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the TeleWorker SET device also needs to be properly configured to use SRTP as well. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.	Default is SRTP or RTP.
Outbound	SRTP only: Only use SRTP when making outbound offers on the TeleWorker SET-side. RTP only: Only use RTP when making outbound offers on the TeleWorker SET-side. AVP+crypto: Use both SRTP or RTP when making outbound offers on the TeleWorker SET-side (SRTP preferred over RTP). Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the TeleWorker SET device also needs to be properly configured to use SRTP as well. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.	Default is RTP only.
Preferred cipher	AES_CM_128_HMAC_SHA1_32: Use AES_CM_128_HMAC_SHA1_32 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_80 when making outbound offers on the TeleWorker SET-side. AES_CM_128_HMAC_SHA1_80: Use AES_CM_128_HMAC_SHA1_80 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_32 when making outbound offers on the TeleWorker SET-side.	Default is AES_CM_128_HMAC_SHA1_32.
ICP-side RTP security	This setting controls whether streaming between MBG and the ICP should be encrypted (SRTP) or not encrypted (RTP); refer to the MBG Engineering Guidelines for further details.
Inbound	SRTP or RTP: Accept any inbound SRTP or RTP offers on the ICP side. SRTP only: Accept ONLY inbound SRTP offers – reject inbound RTP offers on the ICP side. RTP only: Accept ONLY inbound RTP offers – reject inbound SRTP offers on the ICP side. Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the remote ICP endpoint must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.	Default is RTP only.
Outbound	SRTP only: Only use SRTP when making outbound offers on the ICP side. RTP only: Only use RTP when making outbound offers on the ICP side. AVP+crypto: Use both SRTP or RTP when making outbound offers on the ICP side (SRTP preferred over RTP). Note: To enable usage of encrypted SRTP streaming, in addition to selecting the SRTP setting, the remote ICP endpoint must be properly configured to use SRTP. Otherwise, calls might fallback to unencrypted RTP streaming or even be rejected.	Default is RTP only.
Preferred cipher	AES_CM_128_HMAC_SHA1_32: Use AES_CM_128_HMAC_SHA1_32 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_80 when making outbound offers on the ICP side. AES_CM_128_HMAC_SHA1_80: Use AES_CM_128_HMAC_SHA1_80 as the preferred cryptosuite over AES_CM_128_HMAC_SHA1_32 when making outbound offers.	Default is AES_CM_128_HMAC_SHA1_32.
PRACK support	Select this option to enable MBG to advertise and send Provisional Response Acknowledgment (PRACK) messages between itself and the peer (MiVoice Business). The PRACK method improves network reliability by adding an acknowledgment system to provisional responses. Clear this option to disable PRACK support between MBG and the peer. If desired, you may then enable it for individual trunks or devices; the SIP method will then be used between MBG and the specified endpoints, but not between MBG and the peer. Notes: If this option is disabled and the Require header indicates that PRACK is necessary, MBG logs an error stating that the service was required but disabled, and the call will likely fail. To correct this problem, disable the "Require PRACK" setting on the peer (MiVoice Business). Most peers now support PRACK, which can be useful in interoperability scenarios with the PSTN (see RFC 3262). If the SIP peers also support PRACK, it is recommended that this option be enabled.	Default is True (PRACK support enabled).
Send options keepalives	The following settings control how SIP "OPTIONS" messages are sent to SIP devices as keepalive mechanisms: Only Behind NAT to send keepalives only if the remote device is connected via UDP and behind a NAT server that is not performing traversal such as STUN. Never to prevent keepalives from being sent. Always to force keepalives to be sent. This option can also be enabled for individual trunks or devices. Notes: Gap register and Send options can be used together or separately. "Only Behind NAT" is available only for SIP devices that are connected via UDP.	Default is Only behind NAT.
Options interval	If "Send options keep-alives" is enabled, this is the interval at which keep-alive messages are sent.	Default is 20 seconds.
Challenge methods	Use this setting to specify the challenge methods MBG will use to authenticate the remote SIP device. When an incoming request includes one of these methods, MBG will issue a "401 Authorization Required" response. The device must then retry the request with credentials contained within the message. Select one or more of the following methods: Invite, Subscribe, Refer, Prack, Bye, Options, Info, Notify, Update. Use Shift-click and Ctrl-click to select multiple items on the list. After you have finished updating the screen, click Save. Note: The ACK and CANCEL methods cannot be challenged. REGISTER is always challenged.	Defaults are Invite and Subscribe.