Best Of

Curious what happened with this one

I had a similar issue with a SIP trunk provider that does 'checks' to make sure they can still reach the 100+ PBXs we have in our datacenter. The datacenter firebox would often (few times a month) block the providers IP as an IP SCAN ATTACK.

Adding them to Blocked Site Exceptions list did NOT prevent them from getting on the blocked site list and WG support confirmed that was expected behavior. They said that sources of IP SCAN attack will always end up on blocked sites and the exceptions list will not stop this. Only option was turn off scan protection.

We ended up just using GrayLog to filter the logs and email us when we saw the SIP trunk get blocked so we can handle it asap.

Manual Host file...hey, do me a solid. Can you listen to "1999" from Prince when you create it? ;-P

The firebox does not currently have any IPv6 to IPv4 NATing capabilities. IPv6 traffic is handled and sent out as IPv6.

There is an open feature request for this (it's FBX-4012) but there's currenty no ETA on if/when that will be available. Please create a support case and mention FBX-4012 if you'd like to follow that request -- the support rep can set the case up to do that for you.