Responsive Firewall Blocking Host in a Specified Internal Network Zone

For some reason the responsive firewall is creating a blocked host rule for an IP address that falls within a /24 network zone classified as internal. The interface is specified as external and applies to the PJSIP protocol.


Does the blocked host show up in Firewall, Status, Blocked hosts? Is the host attempting to register with bad credentials such that it might be picked up by fail2ban in System Admin, Intrusion Detection?

Yes, the blocked endpoint’s IP shows up in Firewall/Status/Blocked Hosts. The endpoint has proper credentials, as it can immediately register once I click the “X” in the Blocked Attackers section. The only fix I’ve tried thus far is a /24 and a /32 approach for the specific IP, and it does not resolve the problem.

I assume you are running the latest version (13.0.29 as of this writing), otherwise I will wait for @xrobau to chime in here.

I have the latest online modules available for my installation:
FreePBX Framework 13.0.119
System Firewall 13.0.28

Recommend upgrading the firewall to edge:

fwconsole ma --edge upgrade firewall

What sort of device is it, and how is it trying to connect? Anything unusual about it? A bunch of BLF buttons or voicemail status lights?

Cisco SPA504G with the SPA500DS attendant console. (~15 BLF)

An endpoint that is just a single SPA504G with no console just got blocked by the firewall. It’s really weird since this is another IP that I had explicitly listed as an internal network zone, but it showed up under “Registered Endpoints” after I unblocked it.