
SIP Issue - Got a question about security and a rule I added

I have a question about setting up a SIP rule for a customer of mine. Their phones wouldn't work with the SIP module loaded or unloaded. So I started troubleshooting and reading the forums.

They have Yealink phones using Skytel Global.

So I added this rule and wanted to see if I just completely opened up the firewall to attack? I set the source port to 1:65535, routed to a destination port of 5060 for both TCP and UDP.

This is what it looks like:


Things started working when I added this, but I just wanted to make sure it wasn't a hole. I assume since there is no forwarder into a particular server, then it would only be initiated from a phone talking out to the SIP server and back in?


Finally the phones seem to be working, but I read in another post that at the bottom of this rule I should check off "rewrite source address". Is that necessary? They have 5 static IPs, but they are all using the first usable IP for now.

Thanks, Joey
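As an added illustration (not from the poster, the forum or Sophos): a small first-match rule evaluator in Python that models the rule described above (any source, source port 1:65535, destination port 5060, TCP and UDP) beside a variant restricted to a single provider address, and shows which constructed inbound packets each one admits. All addresses are constructed placeholders from the documentation ranges, and the rule/packet model is a simplification, not the UTM's own rule engine.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src_net: ipaddress.IPv4Network  # allowed source addresses
    src_ports: range                # allowed source ports (1:65535 == range(1, 65536))
    dst_port: int
    protocols: frozenset            # e.g. {"tcp", "udp"}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int
    protocol: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field of the packet falls inside the rule's allowed values."""
    return (ipaddress.ip_address(pkt.src_ip) in rule.src_net
            and pkt.src_port in rule.src_ports
            and pkt.dst_port == rule.dst_port
            and pkt.protocol in rule.protocols)


def allowed_by(rules, pkt: Packet):
    """First matching rule wins; None means no rule matched (implicit deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.name
    return None


ANY_PORT = range(1, 65536)
# The rule as described in the post: any source address, any source port -> 5060 TCP/UDP.
BROAD = Rule("any-to-5060", ipaddress.ip_network("0.0.0.0/0"), ANY_PORT, 5060, frozenset({"tcp", "udp"}))
# Tightened variant: only the SIP provider's address (constructed placeholder, TEST-NET-1).
TIGHT = Rule("provider-to-5060", ipaddress.ip_network("192.0.2.10/32"), ANY_PORT, 5060, frozenset({"tcp", "udp"}))

# Constructed sample traffic: the provider, an unknown host, and the provider on the wrong port.
SAMPLES = [
    Packet("192.0.2.10", 5060, 5060, "udp"),
    Packet("198.51.100.77", 43210, 5060, "udp"),
    Packet("192.0.2.10", 5060, 5061, "tcp"),
]


def compare(samples=SAMPLES):
    """For each sample: (source, broad-rule verdict, tightened-rule verdict)."""
    return [(p.src_ip, allowed_by([BROAD], p), allowed_by([TIGHT], p)) for p in samples]
```

The unknown host is admitted by the broad rule and dropped by the tightened one; the provider on port 5061 is dropped by both, since neither rule opens that port.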



  • Joey,

    you should use DNAT instead of a network rule. Remember that the more restrictive you are, the safer you will be.

    Restricting by source IP, destination IP and specific port is the way to restrict access.

    Regards

  • Thanks again! You are all over these forums :)

    I just spoke with the phone company and they gave me an IP to limit by source. So for now it is the only place that rule will allow traffic.

    Feel a little better about that setup.


    When you say DNAT, how do I do that since they have several phones inside the network? They are on the same IP range as all the other devices. Isn't DNAT for forwarding traffic to a single device?

    Thanks,

    Joey

