We’ve got a PBX appliance that has been working with both inbound and outbound calling. However recently some firewall changes needed to be made. The system does seem to be allowing traffic to pass and outbound works no issue.
We had anonymous calls and SIP guests disabled and the trunk worked fine.
The changes to the firewall basically were the previous configuration had the box essentially DMZed and all traffic was free to flow to the box. However obviously security wise that’s no good and now that we took over management we’ve modified it to just forward the ports needed. (5060, 5160, 10,000-20000)
However in this instance now the logs indicate a 401 unauthorized when inbound calls are coming in.
00002 1626130080 * <== 192.168.0.254:40546 INVITE sip:XXXXXXPHONENUMBERDID@WANIP:5060 SIP/2.0
00003 1626130080 * ==> 192.168.0.254:40546 SIP/2.0 401 Unauthorized
Basically the inbound invite is showing as the 8 digit number 1-AreaCode-XXX-XXXX
which is how the inbound route is setup to match including the 1, this worked fine prior to firewall changes.
The 192.168.0.254 is the gateway / firewall. So I’m curious what is being over looked that after changing from DMZ to VirtualIP / service forwarding (It’s a fortunate).
Would now cause it to give a 401 unauthorized, is it somehow modifying the information now?
The Service provider is voip innovations, and setting anonymous and sip guest to On enables the call flow to work, turning those back off the calls are rejected
Thanks if I can provide any more log information let me know