Showing results for 
Search instead for 
Did you mean: 
Walkthrough Wednesdays
BW Dijk

Creating Call Policy Rules


I tried to created a call policy rule on our VCSe to stop unwanted call a tempts trough our VCS.

I use a GDS (Global Dialing Scheme) dailing scheme connected to the Dutch national gatekeeper organization. The connection is made by using a Neighbor zone.

I got can use the following numbers: 0505257000 to 0505257999 to register H323 endpoint to our VCS.

This all works fine.

In the logs of the VCS I can see that a lot of unwanted call atempts are made to the VCS, I tried blocking these calls by blocking the IP adresses (or a range of adresses) in our firewall, this of course helps, but new IP adressen are used so this is not a solution.

I made a simple call policy rule that should work I thought but I'm getting an error on the VCS

The call policy rule I made looks like this:

- Source pattern: 0505257(\d*)

- Destination pattern: 0505257\1

- Action -> Allow

The error I get is:

- Failed to load Call Policy file Line 7: Error: invalid destination regex '0505257\1' in rule node Raised Warning

Does some one knows a solution to solve my issue.

Best regards,


Rising star

Hi Bert,

the call policy rule generator won't allow you to do this. The source and destination fields are both for doing matching, not for transforming/modifying a called alias, you would have to use transforms, search rules or regular CPL for this.

When you fill out the 'Source' and 'Destination' fields, the VCS will attempt to match an incoming call with these values.

Can you describe in more detail exactly what you want to achieve in terms of who is to be allowed to call who, and who should get their call rejected?

- Andreas


I will try to explain my question better.

Our VSC and that of our costumers is "under attack" by some one who is trying to make cheep calls using SIP.

as you can see on the image below.

I want to block these calls but not the calls who are intended for our system.

We use URI in combination of E.164 adressing, URI is not a problem.

Because we use a strict dialing dailing scheme I was thinking, block al call attems exept the ones who are in the E.164 range we use.

In short: block all call requests exept the URI domain configured and de E.164 range we use in our case 0505257000 to 0505257999

looking forward to your reaction.



in that case, you could create one call policy rule allowing calls with source 0505257\d\d\d and destination .*, (as the topmost rule since rules are processed top-down), and one call policy rule rejecting calls with source .* and destination .*.

This will allow authenticated call requests from aliases 0505257000-0505257999 to any destination, while rejecting all other calls.

When using the CPL rule generator, an unauthenticated call will be matched with source .* since the source field equals the authenticated-origin CPL field (Authenticated-origin will equal to nothing when the call is not authenticated).

For this to work, the default zone on your VCS needs to be set to 'Do not check credentials' to ensure that calls coming in via this zone are not authenticated.

Please consult the VCS admin guide and the 'Authenticating devices' deployment guide for more information and deployment tips regarding authentication and blocking of unauthenticated calls.

- Andreas

Content for Community-Ad

Spotlight Awards 2021