The FortiVoice unit automatically blocks the IP addresses of the SIP devices that initiate the attacks against any extensions based on the thresholds and parameters set. For more information on configuring security settings, see Configuring intrusion detection.
For blocked IP addresses, you may select an IP address to delete it, add it to the exempt list if it is wrongly blocked, and view its blocked history.
For auto exempt IP addresses, you may select an IP address to delete it if you find it suspicious.
To view the blocked IP addresses, go to Monitor > Security > Blocked IP.
To view the exempted IP addresses, go to Monitor > Security > Auto Exempt IP.
You can use the CLI to set the threshold for blocking IP addresses and sending alert email (the default is 50 attempted logins per minute), the time interval to check the phone call activities (the default is 60 seconds), and the maximum notification emails to send after the threshold is reached (the default is 100).
config security sip-authentication-failure