Fortinet black logo

FortiVoice Phone System Administration Guide

Blocking SIP device IP addresses

Copy Link
Copy Doc ID bd28c435-97e2-11eb-b70b-00505692583a:348555
Download PDF

Blocking SIP device IP addresses

The FortiVoice unit automatically blocks the IP addresses of the SIP devices that initiate the attacks against any extensions based on the thresholds and parameters set. For more information on configuring security settings, see Configuring intrusion detection.

For blocked IP addresses, you may select an IP address to delete it, add it to the exempt list if it is wrongly blocked, and view its blocked history.

For auto exempt IP addresses, you may select an IP address to delete it if you find it suspicious.

To view the blocked IP addresses, go to Monitor > Security > Blocked IP.

To view the exempted IP addresses, go to Monitor > Security > Auto Exempt IP.

Setting the security parameters

You can use the CLI to set the threshold for blocking IP addresses and sending alert email (the default is 50 attempted logins per minute), the time interval to check the phone call activities (the default is 60 seconds), and the maximum notification emails to send after the threshold is reached (the default is 100).

config security sip-authentication-failure

set threshold

set interval

set max-notification

end

Blocking SIP device IP addresses

The FortiVoice unit automatically blocks the IP addresses of the SIP devices that initiate the attacks against any extensions based on the thresholds and parameters set. For more information on configuring security settings, see Configuring intrusion detection.

For blocked IP addresses, you may select an IP address to delete it, add it to the exempt list if it is wrongly blocked, and view its blocked history.

For auto exempt IP addresses, you may select an IP address to delete it if you find it suspicious.

To view the blocked IP addresses, go to Monitor > Security > Blocked IP.

To view the exempted IP addresses, go to Monitor > Security > Auto Exempt IP.

Setting the security parameters

You can use the CLI to set the threshold for blocking IP addresses and sending alert email (the default is 50 attempted logins per minute), the time interval to check the phone call activities (the default is 60 seconds), and the maximum notification emails to send after the threshold is reached (the default is 100).

config security sip-authentication-failure

set threshold

set interval

set max-notification

end