Endpoint does not register after IP change even though Responsive firewall is enabled

I have a deployment that does not accept registrations from an extension when its IP changes (dynamic IP from ISP). I have to add the IP to the trusted zone in the network tab for these endpoints to register. Other deployments do not have this issue. Responsive firewall is enabled. New IP is not banned by fail2ban/intrusion detection. Anyone run into this or have any suggestions for other settings to change? Deployment has the latest modules from the standard repo.

Have you checked whether the new IP is blocked under Blocked Hosts?

It happened again and I did see that IP in the blocked hosts list. However, as expected, when I added the IP to the trusted zone the IP was removed from the blocked hosts list. This isn’t exactly new information though.

I found in the asterisk logs when the endpoint’s IP must have been changed, because that is when the endpoint became unreachable. However, I don’t see any activity related to blocking the new IP around that time (or at all) in var/log/asterisk/fail2ban, var/log/asterisk/firewall.log, the asterisk log and var/log/messages. Are there any other log files I can check?

Another thing that’s weird is this server has a live warm spare and every phone registers to it using sip.server.2. The primary PBX is backed up and restored to the warm spare every night. All modules are backed up so the settings for the firewall are identical. Despite this, these IPs do not get blocked on the warm spare, only on the primary PBX.

Hi @chrisduncansb
If you see the new IP is banned in the blocked hosts section, then you need to increase the Responsive firewall threshold parameters as shown in the screenshot and then give it a try.