| Table of Contents | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The SIP firewall can assist you in detecting failed SIP connections to the SBC.
...
The SIP Firewall configuration works in conjunction with SIP Security Monitor Service
. Refer to SBC Operation
SIP Firewall Configuration
To start the configuration go to Configuration->Security->SIP Firewall then then:
click Add to add rule in the SIP Security Monitor – Rules section.
...
Specify the name for the new rule, then click Add.
...
If a certain IP exceeds this then it will be blocked.
The Action Parameter is set to 0 so this will block the host forever,
if you would like the host to be blocked for 15 minutes set the Action Parameter to 15.
If you want to keep all blocked users in your own 3rd party firewall youcanlet you can let the SBC block the IPs then check the status of the blocked users as shown below.
Or Or you can write to the log file and have a utility which checks the NSC logs for these entries and act on this.
The log file is /var/log/sipsecmon.log on the unit or in the WebUI go to Reports->System->NSCLogs then click on SIP Security on SIP Security Monitor.
SIP Firewall Logging
To configure the log level click Edit under the SIP Security Monitor Configuration.
...
On the next page the Log Level can be set to Info or Debug, once set, click save to exit.
...
To apply the changes click to Configuration top tool bar, then click Reload.
...
...
SIP Firewall Status
To get the status of blocked IPs on the SBC go to Overview->Security->SIP Firewall Status and the list of blocked IPs will be there.
...
Yes No