I have had a look through the forum and found both this post https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/41227 and also looked at Bob Rulz however I can't get it to work.
What the problem is, is that I have an IP that is continually try to brute force my Elastix box, what my firewall log show are SIP (I have seen UDP on the rare occassion) connections from a remote IP and random 5000 port and trying to go my internal VoIP server.
I set up a DNAT from the remote IP to my VoIP server yet packets were still coming through.
The only way I was able to stop the packets and get them to drop was to change SIP expectation mode to Strict, however now my VoIP system doesn't work. My VoIP system registers and you can call yet once the call is established no audio is heard at either end and in the Firewall log you can that the RTP packets are getting blocked from my VoIP provider and my internal VoIP system.
How I my VoIP settings in my UTM at the moment is SIP Server networks I have my VoIP providers IP addresses and host name in a group, in SIP client network I have my Internal network listed.
So my question is how do I set up my system to allow VoIP from my Internal server to my external VoIP provider and have it work but still block IPs?
A side question relates to Bob's Rulz, The Zeroeth rule, how do I check if I have actually set this ,I set up my system so long ago and I thought it may relate to this issue?
Thanks
Girkers
This thread was automatically locked due to age.
