The SIP firewall can assist you in detecting failed SIP connections to the SBC.

SIP Firewall Configuration

To start the configuration go to Configuration->Security->SIP Firewall then 


 

 

The rule below will look for any single source IP exceeding 20 failed attempts over 10 minutes. 

 

 

If you want to keep all blocked users in your own 3rd party firewall youcanlet the SBC block the IPs then check the status of the blocked users as shown below. 
Or you can write to the log file and have a utility which checks the NSC logs for these entries and act on this.

The log file is /var/log/sipsecmon.log on the unit or in the WebUI go to Reports->System->NSCLogs then click on     SIP Security Monitor.

 

SIP Firewall Logging

 

 

 

 

SIP Firewall Status

To get the status of blocked IPs on the SBC go to Overview->Security->SIP Firewall Status and the list of blocked IPs will be there.

 

 

 Yes  No