PABX hack
Hello
I have a client who have had their PABX hacked and need to block all SIP traffic except to their VoIP provider. I installed a small FortiGate 30E for them and set up an inbound VIP rule specifying only the VoIP provider's IP address as the source. This hasn't resolved the problem. I can do a telnet test to port 5060 and it doesn't get blocked. If I remove the VIP policy I can still telnet to port 5060. I don't know what's going on but it appears the port is being kept open by the PABX. Has anyone experienced this issue before? I'm a bit stuck on how to troubleshoot and the client is wondering why he paid for a new firewall.
Thanks,
Andre
Well it's been four days now and no-one from Fortinet support has responded to my ticket. I phoned but was put on hold until I gave up. In the meantime I have done some research myself and found a solution on the Fortinet KB:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD37756&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=91232211&stateId=0%200%2091230334.
Solution:
A way to limit the number of unwanted calls is to restrict the source IP of incoming calls to your proxy IP address. This can be done by setting the “strict-register” parameter in your SIP VoIP profile settings:
config voip profile
    edit <profile_name>
        config sip
            set strict-register enable
        end
    next
end
In this way, the pinhole opened will allow only packets with source IP equal to the destination IP of the REGISTER sent in the outbound direction (in most cases it will be your SIP proxy).