The way the responsive firewall works is definitely flawed. We are an ISP that offers hosted phone and have a few PBXs sitting on public IPs. In the beginning we blocked everything except our subnets and had little trouble. In the last year we started to resell AT&T fiber to customers that were outside our network. In an effort to NOT have to put a small VPN router at each customer’s home who had phone service, we opened up the PBX servers to the world.
Some endpoints will work perfectly for days or weeks before they have problems. Others will work forever with never any problem. No rhyme or reason to why some get blocked and others don’t. Most of our clients are Grandstream ATAs with no call features of any sort. No BLF, or in many cases voicemail. They just pass calls to and from the PBX.
The biggest issue that I would like to see resolved is that an endpoint which can’t correctly register (in other words, it has a proper extension and password) SHOULD NEVER get blocked. Now, if you are throwing random passwords at the PBX, yes, let’s watch you and block you.
I wish this was more configurable. I realize that’s opening a can of worms and some people would probably get themselves in trouble by incorrectly adjusting the rules… but not having ANY control or ANY real visibility into why these endpoints get blocked at random is frustrating.