I have the following Firewall rule set up for another of my clients to allow SIP 5060 from 184.108.40.206 (MyNetFone VoIP server) only. As it is inverted, 5060 to “Any” should be Blocked.
However the NAT Active sessions table still shows the hacker attacks. I would assume that the above rule is not working. Can you please tell me what I have done wrong?
From NAT Active sessions table we get “220.127.116.11 5074 wan1”
This means “TCP/UDP, Port from 5060 to any” cannot block 18.104.22.168 5074.
Change Firewall / edit filter set / edit filter rule / filter set 2 rule 2/ service type/ TCP/UDP, Port from any to 5060 (your original rule is from 5060 to any).