Block SIP(VoIP) Direct IP Calls / Fake Calls "not" coming from the proxy
we have a lot of SPAM Calls incoming, resulting in Softphones ringing.
Cause of this matter is, that the Softphone seems to accept direct ip calls. (Linphone)
Since we cannot change the client in the near future, we have to find another solution.
Since now i wasn't able to restrict due to FW-Policy Changes, or hardening of SIP-ALG Profiles.
I've tried to create a custom sip profile with "strict-register enabled" and additioally limit the incoming source-ip to the SIP-Gateway and set this to allow. In SIP-Logs i can see the fake calls matching the policy-id, even though the source IP doesn't match.
If I understand this matter, i would propose to block SIP-INVITES "not" coming from the SIP-Proxy-Server.
1- create a policy to allow incoming SIP calls from the known proxy
2-create a policy right below blocking all incoming SIP traffic
1- create a DENY policy (action=DENY) with source address=your proxy, and edit it in the CLI:
set srcaddr-negate When enabled srcaddr/srcaddr6 specifies what the source address must NOT be
I think this will work from v6.0 on.
It does help in corner cases but I recommend against using this, as it is not that apparent in the GUI policy table. One regular 'ALLOW' policy should suffice, as all other traffic will be denied by the implicit DENY policy anyway. Or should be.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.