WatchGuard False-Positive Threat Detection Blocks All SIP Traffic
Situation: You are unable to place or receive calls, and are using a WatchGuard firewall on your network.
Background: We have received numerous reports from WatchGuard product users that a signature in their IPS (Intrusion Prevention Service) may trigger a false-positive threat detection which prevents all SIP traffic.
The WatchGuard IPS is attempting to prevent possible threats related to Asterisk Project Security Advisory - AST-2016-006, which may be found here: AST-2016-006. However, the WatchGuard routine may also incorrectly identify normal SIP messages as a threat.
Possible symptoms:
Unable to place or receive calls
SIP messages sent from the PBX are not received by the phone
SIP messages sent from the phone are not received by the PBX
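One way to confirm these symptoms is to compare SIP captures taken on each side of the firewall and list the messages that left one endpoint but never reached the other. This is an added example, not code from the original article, WatchGuard or Digium; the capture layout (a list of sender-role and raw-message pairs), the function names and all sample messages are assumptions constructed for illustration.

```python
# Added example: find SIP messages that were sent but never crossed the firewall.
# Assumption: each capture is a list of (sender_role, raw_sip_message) tuples,
# exported from a packet capture on that side and labelled "pbx" or "phone".

def sip_key(raw):
    """Identify a SIP message by (start line, Call-ID, CSeq)."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # "i" is the compact form of the Call-ID header (RFC 3261)
    call_id = headers.get("call-id") or headers.get("i")
    return (lines[0].strip(), call_id, headers.get("cseq"))

def lost_in_transit(sender_side, receiver_side, role):
    """Messages that `role` sent which never appear in the far-side capture."""
    arrived = {sip_key(raw) for src, raw in receiver_side if src == role}
    return [sip_key(raw) for src, raw in sender_side
            if src == role and sip_key(raw) not in arrived]

def diagnose(pbx_side, phone_side):
    """Report dropped messages per direction, matching the two symptoms above."""
    return {
        "pbx_to_phone": lost_in_transit(pbx_side, phone_side, "pbx"),
        "phone_to_pbx": lost_in_transit(phone_side, pbx_side, "phone"),
    }

def _msg(start, call_id, cseq):
    return f"{start}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n"

# Constructed sample captures (hostnames and Call-IDs are made up).
_REG = _msg("REGISTER sip:pbx.example.test SIP/2.0", "a1@phone.example.test", "1 REGISTER")
_OK = _msg("SIP/2.0 200 OK", "a1@phone.example.test", "1 REGISTER")
_INV = _msg("INVITE sip:101@phone.example.test SIP/2.0", "b2@pbx.example.test", "1 INVITE")
_OPT = _msg("OPTIONS sip:pbx.example.test SIP/2.0", "c3@phone.example.test", "7 OPTIONS")

PBX_SIDE = [("phone", _REG), ("pbx", _OK), ("pbx", _INV)]
PHONE_SIDE = [("phone", _REG), ("pbx", _OK), ("phone", _OPT)]

if __name__ == "__main__":
    for direction, dropped in diagnose(PBX_SIDE, PHONE_SIDE).items():
        for start_line, call_id, cseq in dropped:
            print(f"{direction}: lost {start_line!r} (Call-ID {call_id}, CSeq {cseq})")
```

Messages reported as lost in both directions, while each endpoint's own capture shows them leaving, point at a device in the path rather than at the PBX or the phone.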
Solution: If affected, please contact WatchGuard Support to request that the appropriate patch be applied to your product, or changes be made to your IPS configuration. Some customers have advised that this issue is resolved by adding WatchGuard IPS signature 1133075 to the IPS exception list; however, your product may be different. Please contact WatchGuard Support for confirmation and additional instruction, as needed.
Update 11/10/2016: WatchGuard has posted a related article to their knowledge base: IPS false positive for signature 1133075 SIP Digium Asterisk PJSIP Stack ACK Denial of Service
Important Note: The remote crash susceptibility described in the Advisory referenced above only affects Asterisk version 13.10.0, resolved in version 13.11.1. There are no versions of Switchvox which are susceptible to crashes related to this issue. However, the WatchGuard false-positive detection may affect all SIP messaging, regardless of product or version.