Thread: filter rule for sip access

  1. #1

    filter rule for sip access

    Hi everybody,

    I need to enable SIP access for just one net. I have tried to change the default rules on my Epygi 2x firmware 5.1.17 from "Restricted_ip: Any" to "Restricted_ip: 1.2.3.0/24" under internet_uplink->filtering_rules->sip_access, but the rule is not working. This is what my rule looks like:

    State:Enabled
    Service:SIP
    Action:Allowed
    Restricted_ip:"Group: 1.2.3.0/24"
    Description:sip enabled net

    After the rule is applied, everyone is still able to send SIP requests to my IP-PBX. I have tried disabling that rule, and after that no one is able to send SIP requests anymore (the medium security feature is doing its job, I mean). The Epygi 2x's firewall configuration is:

    Enable IDS: yes
    Enable NAT: yes
    Enable Firewall: yes
    Medium Security: yes

    At the moment, to deny SIP access I am working with the "blocked ip list" feature, but I just want to deny SIP access and not all the services for a net.

    I have tried with firmware 5.1.19 and the problem is still there. Has any of you discovered the same problem?

    Thank you for your help.

  2. #2

    After a couple of troubleshooting tests I realized that the SIP access feature works if you set just a single IP under "restricted ip". But, as I said in the previous post, IT IS NOT WORKING with either a net or a couple of nets.
    Probably David could check the "sip access feature" for us.
    WARNING: "I've tried with Epygi 2x with firmware 5.1.17, 5.1.19 and Epygi 4xi with firmware 5.1.18. I have no idea if that feature is working with firmware 5.0.x"
    Last edited by nitrox; 09-26-2009 at 12:27 PM.

  3. #3

    Well, I have tested that..

    Everything works OK

    But there are two things you need to check and be aware of:
    1. If you make a successful call to/from some destination, then apply a rule which should block that destination, this rule may not take effect, because the device caches the IP in the "connection tracking table" and allows subsequent connections. You would need to either reboot the device or wait for a long time for the connection cache to expire.

    2. This is a consequence of point 1. If your device is sending SIP requests (for example registers) to some IP address, you cannot successfully block that. As soon as your device sends the registration message, the access will open. Some time passes, the access is blocked again, then again your device will send a message and access will open. So you will have intermittent results.

    I think these two issues affected your testing, that's why you think that the "SIP Access" rule has a problem. It doesn't, actually.
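
A simplified model of the two effects described in post #3, added here as an illustration; it is not part of the thread and not Epygi's implementation. It assumes a generic stateful filter that checks a connection-tracking table before the SIP access rule; the class name, the 180-second timeout, the refresh-on-traffic behaviour and the sample addresses are all assumptions.

```python
import ipaddress

class StatefulSipFilter:
    """Hypothetical stateful filter: conntrack lookup first, rule second."""
    def __init__(self, allowed_net, conntrack_ttl=180):
        self.allowed = ipaddress.ip_network(allowed_net)
        self.ttl = conntrack_ttl      # assumed idle timeout, in seconds
        self.conntrack = {}           # peer IP -> time the entry expires

    def set_rule(self, allowed_net):
        # Changing the rule does not flush entries already being tracked.
        self.allowed = ipaddress.ip_network(allowed_net)

    def outbound(self, peer, now):
        # The PBX itself sends SIP (e.g. REGISTER): state is created for peer.
        self.conntrack[peer] = now + self.ttl

    def inbound(self, peer, now):
        expiry = self.conntrack.get(peer)
        if expiry is not None and now < expiry:
            self.conntrack[peer] = now + self.ttl   # traffic keeps entry alive
            return "allowed (conntrack)"
        self.conntrack.pop(peer, None)
        if ipaddress.ip_address(peer) in self.allowed:
            self.conntrack[peer] = now + self.ttl
            return "allowed (rule)"
        return "blocked"

def demo():
    fw = StatefulSipFilter("0.0.0.0/0")           # like "Restricted_ip: Any"
    log = [fw.inbound("198.51.100.7", 0)]         # constructed test peer
    fw.set_rule("1.2.3.0/24")                     # restrict to one net
    log.append(fw.inbound("198.51.100.7", 60))    # point 1: still cached
    log.append(fw.inbound("198.51.100.7", 241))   # idle past timeout
    log.append(fw.inbound("1.2.3.50", 300))       # inside the allowed net
    log.append(fw.inbound("203.0.113.9", 300))    # outside, no state
    fw.outbound("203.0.113.9", 310)               # point 2: PBX registers out
    log.append(fw.inbound("203.0.113.9", 320))    # access "opens"
    log.append(fw.inbound("203.0.113.9", 501))    # and closes after timeout
    return log

if __name__ == "__main__":
    print("\n".join(demo()))
```

In this model, a test peer that keeps retrying inside the timeout window never sees the new rule, so a rule change should be verified from a source with no tracked state, or after the table has been cleared.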
