Hi,
we have a lot of SPAM Calls incoming, resulting in Softphones ringing.
Cause of this matter is, that the Softphone seems to accept direct ip calls. (Linphone)
Since we cannot change the client in the near future, we have to find another solution.
Since now i wasn't able to restrict due to FW-Policy Changes, or hardening of SIP-ALG Profiles.
for example:
I've tried to create a custom sip profile with "strict-register enabled" and additioally limit the incoming source-ip to the SIP-Gateway and set this to allow. In SIP-Logs i can see the fake calls matching the policy-id, even though the source IP doesn't match.
If I understand this matter, i would propose to block SIP-INVITES "not" coming from the SIP-Proxy-Server.
So any idea how i can perform this?
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
There are 2 ways to do this:
1- create a policy to allow incoming SIP calls from the known proxy
2-create a policy right below blocking all incoming SIP traffic
or
1- create a DENY policy (action=DENY) with source address=your proxy, and edit it in the CLI:
set srcaddr-negate
When enabled srcaddr/srcaddr6 specifies what the source address must NOT be
I think this will work from v6.0 on.
It does help in corner cases but I recommend against using this, as it is not that apparent in the GUI policy table. One regular 'ALLOW' policy should suffice, as all other traffic will be denied by the implicit DENY policy anyway. Or should be.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.