After I realized that our SIP security settings were not working properly this morning (see other thread on this topic), I disabled and re-enabled the SIP security in the firewall. While this fixed the vulnerability, it left us with a new problem, no voice (media) traffic was being passed by the firewall.
My SIP provider uses two different IPs for our VoIP service. I have a signaling IP and a media IP. My thought was that I just needed to add both IPs to the SIP server networks and things would just work. However, this is not the case. The firewall allows the signaling traffic without issue, but the media traffic to the media IP is dropped.
The only way that I found to get this to work was to add a separate packet filter rule for the media IP which allowed traffic from our VoIP network (which contains all of the phones and the PBX) to the media IP for ANY protocol. This does seem to solve the issue, but I am not sure if this is the best or correct configuration approach. Any guidance on this topic would be appreciated. Thanks in advance.
Mike
This thread was automatically locked due to age.
