01-31-2019 01:45 AM - edited 03-17-2019 02:02 PM
Hi all,
I'm not able to find specific information like , which ports needs to be open from the Cube to the ISP. ( outside)
At the moment the cube is configured and the customer is able to make incoming and outgoing calls.
However the cube connection is open in the internet and not secure.
And the ISP is receiving several server attacks from anonymous calls/strange calls which do not exsist in the DDI range.
So the service provider blocked everything and we are not able to make outgoing or incoming calls.
Their advise was to fine tune security so that not everything is open
The client is using a Fortigate 1000 Firewall.
Which things do i need to consider or the security engineer?
01-31-2019 05:55 AM
You need to get that information from he ITSP as different ITSPs use different ports for media. SIP signaling port is usually 5060 or 5061 if using encryption either UDP or TCP, but some providers use different ports for SIP as well.
02-06-2019 07:48 AM
Hi all,
We are already in a middle of a workaround.
Hopefully this will work:
These ports needs to be open:
On the cube create access-lists to permit udp hosts to allow specific traffic coming .
To keep eveything resticted.
And apply the acces-lists to for an example port-channels.
How ever thanks all for the help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: