General

Remote access

Lets you open the remote maintenance access generally or for a one-off access only. If remote maintenance access is closed, adjustments to be configuration can only be made locally.

Note:

Only leave the remote maintenance access open for as long as necessary.

Table 1. Remote access settings
Parameter	Explanation
State	Not enabled: Remote maintenance is not possible Access allowed once: Remote maintenance is barred once you exit it. Access allowed: Remote maintenance is possible
CLIP required	Remote access is only possible of the retrieving party logs in using a CLIP. This CLIP is registered in the access log.
Free system access	Status display. Via the control panel (Mitel 470) on the front panel a password-free, local access with the administration right User access control can be activated. Local access is then possible using a LAN cable. This is useful for example if all the passwords have been lost. There is no password-free access for remote maintenance. notes: You are strongly advised to keep the password-free access open only for as long as necessary. For security reasons it is automatically deactivated again after a restart or at the latest after 60 minutes. There is no password-free access for the Virtual Appliance communication server.
AIN node remote access	Status display. Remote maintenance access via an external dial-up connection to the AIN is also protected and has to be explicitly enabled on the front panel (Mitel 470). This is irrespective of whether dial-up access is via a satellite or directly to the Master.
Applications card access	Remote maintenance also allows access to any applications card that may be installed (Mitel 470 only).

Security

Different services and monitors require a communication via specific communication server ports. These are closed by default, for security reasons.

Table 2. Security
Parameter	Explanation
Open application ports	To access the application ports. All ports are open. Prevents the use of OIP, alarm server, and other applications (applies to tcp ports: 1061/AXP, 1070/ATNS, 1074/ATPC3, 1088/ATAS2, 1112/AIL, and 1132/ATAS1).
Open maintenance monitor port	The Maintenance Monitor (Telnet 1818 TCP) allows to record traces and to set specific parameter.
Open all server/monitor ports	Opening and closing of server/monitor ports. Monitor ports like 1056, 1075, 1096, 1097, and 2323 can be accessed. Note: The communication server has to be restarted for the new settings to take effect.
FTP service	The FTP service can be switched off (ports are closed), enabled for IP terminals only (MiVoice 5300 / 5300 IP and MiVoice 2380 IP) or switched on generally. Note: This setting is allowed only in Mitel 470. SMBC and Virtual Appliance do not allow the settings to be changed.
Compatibility mode for self-signed certificate - SHA1/SHA2	The generated certificate uses the SHA-1 based signature algorithm which may be seen as corrupt or invalid by some clients e.g. browsers. This compatibility mode is useful during software upgrade scenarios, as long as not all terminal software support the SHA-2 based signature algorithm.
Compatibility mode for self-signed certificate - Use IP address	The generated certificate uses the IP address. Note: Make sure that a DNS resolution is possible on the PBX name before the checkbox is disabled.
Compatibility mode for TLS v1.0	This compatibility mode is used for Mitel SIP terminals, who support HTTPS connections with TLS v1.0 only (e.g. Mitel 6700 SIP series). Note: HTTPS connections with TLS v1.0 are insecure.
Compatibility mode for server certificate validation	The communication server does not validate the certificates sent from the server which is not secure.
Redirect WebAdmin to HTTPS	The protocol between WebAdmin and other entities will be switched to secure HTTPS. This will help to prevent publishing attacks from inside the LAN.
Password expiration period for WebAdmin (days, 0=off)	If you set the value to more than 0 days, the WebAdmin password expires after the set number of days. After the password expires, change the password at login.

Support mode

Activating support mode temporarily deactivates online licence check and simultaneously activates restricted operating mode. This way, the support team can upload the backup copy of another communication server's configuration data without the clone detection service on the licence server (SLS cloud) detecting the communication server as a possible clone (system with the same EID).

Save system data

In case of power failure or communication server crash, the current data in the main memory will be lost. When you restart the communication server it retrieves the stored RAM backup. You can specify here how often the RAM backup should be created during system operation.

You can also update the save system data manually by clicking Create RAM backup.

notes:

The RAM backup is not visible and cannot be restored manually.
A first start is carried out if no RAM backup is available when the system starts up.

Table 3. Save system data
Parameter	Explanation
Backup interval [hh:mm]	Determine here how often the backup (save system data) is created.