Not sure what logs to find for you etc. But I am having lots of external users getting blocked since activating the firewall. Almost all of our phones are Yealink so I can’t say if that is a “common” factor among the users being blocked or not. But I do have one user not on a Yealink who is having no trouble.
I have seen this now with at least 4 different users! I add them to the whitelist and all is well (but since they don’t have a static IP that isn’t even a long term solution or the right solution). Any ideas, what logs do you need etc?
What version of the firewall are you using? Are you sure it is Firewall that is blocking the phones, do you see the IPs of the phones in the Status, Blocked Hosts tab?
I am using Firewall 13.0.32 currently just upgraded for.28. Saw it on .28 and now on .32. I can confirm the host is listed in the blocked host tab. I have now disabled the firewall and the phone is again able to register and work. This is happening with at least 4 users so I don’t think it is a configuration issue on the phones.
Check the Services section of the Firewall module. Are the phones coming in via FTP or TFTP?
Also check to see if pjsip or chansip are allowed (for which ever you’re using)
This sounds like the Yealinks are being unusually noisy when talking to Asterisk, and are triggering the intrusion detection, because of a lot of traffic is happening in a small time window.
I guess the best way to check this would be to do a ‘sip set debug peer 1234’ and then create a ticket against firewall, attaching the /var/log/asterisk/full log, so I can see what’s actually happening
Make sure you do a ‘logger rotate’ before you turn the phone on, so there’s not a bunch of excess noise at the start of the full log
1: Legacy SIP is enabled.
2:I’m not sure if these phones have anything set to grab the config (some probably do and some probablly don’t).
3: Rob I will try to grab those logs for you tomorrow.
Rob just an FYI that I opened a ticket yesterday for you with hopefully the logs you need.