Hello
I have a client who has had their PABX hacked and needs to block all SIP traffic except to their VoIP provider. I installed a small FortiGate 30E for them and set up an inbound VIP rule specifying only the VoIP provider's IP address as the source. This hasn't resolved the problem. I can do a telnet test to port 5060 and it doesn't get blocked. If I remove the VIP policy I can still telnet to port 5060. I don't know what's going on but it appears the port is being kept open by the PABX. Has anyone experienced this issue before? I'm a bit stuck on how to troubleshoot and the client is wondering why he paid for a new firewall.
Thanks,
Andre
Well, it's been four days now and no one from Fortinet support has responded to my ticket. I phoned but was put on hold until I gave up. In the meantime I have done some research myself and found a solution on the Fortinet KB:
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD37756&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=91232211&stateId=0%200%2091230334.
Solution:
A way to limit the number of unwanted calls is to restrict the source IP of incoming calls to your proxy IP address. This can be done by setting the “strict-register” parameter in your SIP VoIP profile settings:
config voip profile
    edit <profile_name>
        config sip
            set strict-register enable
        end
    next
end
In this way, the pinhole opened will allow only packets with source IP equal to the destination IP of the REGISTER sent in the outbound direction (in most cases it will be your SIP proxy).
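An added example, not from the KB article or the original poster: a Python check that applies the strict-register rule quoted above to a list of SIP flows, so that after the change you can confirm inbound SIP only arrives from the address the PABX registers to. The record format, the function name and the IP addresses are assumptions constructed for illustration; this is not a FortiGate log format.

```python
import ipaddress

# Constructed sample records: "<direction> <src_ip> <dst_ip> <sip_method>"
SAMPLE = """\
out 192.168.1.10 198.51.100.20 REGISTER
in 198.51.100.20 192.168.1.10 INVITE
in 203.0.113.77 192.168.1.10 INVITE
in 203.0.113.77 192.168.1.10 OPTIONS
in 198.51.100.20 192.168.1.10 BYE
"""


def audit_sip(records):
    """Return (line, source, method) for every inbound SIP request whose
    source is not the destination of an earlier outbound REGISTER."""
    registrars = set()   # addresses the PABX has registered to so far
    violations = []
    for lineno, line in enumerate(records.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        direction, src, dst, method = parts
        src = ipaddress.ip_address(src)   # rejects malformed addresses
        dst = ipaddress.ip_address(dst)
        method = method.upper()
        if direction == "out":
            if method == "REGISTER":
                registrars.add(dst)
        elif direction == "in":
            # strict-register behaviour: only the registrar may use the pinhole
            if src not in registrars:
                violations.append((lineno, str(src), method))
        else:
            raise ValueError(f"line {lineno}: unknown direction {direction!r}")
    return violations


if __name__ == "__main__":
    for lineno, src, method in audit_sip(SAMPLE):
        print(f"line {lineno}: inbound {method} from non-registrar {src}")
```

An empty result means every inbound request in the capture came from an address the PABX had already sent a REGISTER to.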