Fail2Ban blocks and firmware update issue


#1

Hello Everyone

I have been using a UCM 6300A IPBX since June and, after some issues at first and thanks to the forum's help, it worked correctly until last week.

I have two issues which are probably not related, but it seems better to explain both in the same post in case one of you thinks they are both the result of hacking.

1* The UCM is connected to 2 SIP providers (one for almost all the traffic and the other for rescue purposes and for premium rate numbers).

On Wednesday, the second trunk didn’t connect anymore.

I waited two days in case there was a trunk provider issue, and Thursday I tried to disable and then enable again the non-working trunk.

It did not work, then I restarted the fiber modem, firewall and UCM, and then the two trunks didn’t connect!

Precisely, it did connect for a few seconds after the UCM reboot.

After other attempts, I chose to use the spare UCM I bought in case of material failure (one UCM 6302A because there was no 6300A available when I purchased it).

After a little time needed to restart the phones or wait as they reconnected, it worked correctly and I brought the non-working UCM home.

Exploring all options, I noticed that my two providers’ IPs are listed as asterix-udp in the blacklist of Fail2ban.

My questions are:

  • Do you think the system can blacklist legitimate SIP providers by mistake, or that it is certainly hacking attempts?

  • If the issue is only Fail2Ban, is it normal that the trunk connection works correctly maybe 30 seconds before shutting the connection down?

2* I checked the configuration of the UCM6302A, which used the latest firmware available last summer, and realized that the 1.0.19.9 version was now available from the Grandstream FTP.

I downloaded it to my computer (the special version for UCM6300A and 6302A) and on Saturday, I connected to the UCM6302A with the administrator account and uploaded the new firmware.

The upload took unusually long and after a few minutes with no change in the web page, I refreshed it.

There was a dialog box which prompted me to restart the UCM to achieve the update, which I clicked.

For maybe 5 minutes, the little LCD screen of the UCM indicated an update, then prompted me to hit the button around this screen. I clicked it but after the reboot, I only saw the Grandstream logo and then no boot.

After maybe 15 minutes with only the logo, I decided to unplug the power supply.

After replugging it, it didn’t boot again (only the same logo).

Then I read the user manual and used the reset hole on the back of the UCM with a paperclip and, after manually setting my computer on the same IP subnet, I accessed the recovery login.

I was surprised that my password and those on the label didn’t work but with admin/admin, I connected and uploaded the previous firmware (1.0.15.13).

It now reboots correctly.

Do you have similar issues and advice?

Thank you very much to the specialists who can respond.

Patrice

PS: Sorry for my bad English, I am a French speaker.


#2

If you have not done any NAT you have no reason to worry; otherwise, and if not in ACL, yes.


#3

@Pat42 You should whitelist your SIP trunk provider in Fail2ban along with any other fixed IP that you would want to access to/from the UCM (your location, the client’s network, the client’s remote networks, etc.).

I also put an SD card in all of my installations and do a backup once the initial config is done. Then if I ever have to factory reset the device I can restore the programming. You can program the UCM to perform a backup on a schedule so you always have a recent version of a working config.

I hope this helps.


#4

Thank you.

In fact:

  • I made a few backups of the configuration (and used it to transfer the configuration to the spare IPBX), but as I didn’t make any configuration changes, I thought it wouldn’t help!

  • I thought I put the IP of my main provider in the whitelist, but there was a mistake on one number!

That and the fact that the SIP connects correctly for a few seconds is why I didn’t suspect Fail2Ban.
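
Added example (not part of any post in this thread, and not Grandstream code): a small Python check for the situation described in #3 and #4. It compares trunk provider addresses against whitelist and blacklist entries copied by hand from the UCM's Fail2Ban page, and flags a whitelist entry that differs from a provider IP by exactly one octet. All addresses are constructed documentation-range values, and the function and variable names are assumptions.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real providers).
TRUNKS = {"main": "198.51.100.27", "backup": "203.0.113.9"}
WHITELIST = ["198.51.100.72", "192.0.2.0/24"]   # first entry is a mistyped "main"
BANNED = ["198.51.100.27", "203.0.113.9"]


def _octet_diff(a, b):
    """Number of differing octets between two IPv4 addresses."""
    return sum(x != y for x, y in zip(a.packed, b.packed))


def audit_trunks(trunks, whitelist, banned):
    """Return one finding dict per trunk provider address.

    trunks:    {name: ip} for each SIP trunk
    whitelist: IPs or CIDR ranges copied from the Fail2Ban whitelist
    banned:    IPs copied from the Fail2Ban blacklist
    """
    nets = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    banned_ips = {ipaddress.ip_address(b) for b in banned}
    findings = []
    for name, raw in trunks.items():
        ip = ipaddress.ip_address(raw)
        covered = any(ip in n for n in nets)
        # A single-host whitelist entry that differs from the provider IP
        # in exactly one octet is very likely a typo of that address.
        near = [str(n.network_address) for n in nets
                if n.num_addresses == 1 and n.version == ip.version == 4
                and _octet_diff(n.network_address, ip) == 1]
        findings.append({"trunk": name, "ip": raw,
                         "whitelisted": covered,
                         "banned": ip in banned_ips,
                         "near_miss": [] if covered else near})
    return findings


if __name__ == "__main__":
    for f in audit_trunks(TRUNKS, WHITELIST, BANNED):
        if f["banned"] and not f["whitelisted"]:
            hint = f" (possible typo: {f['near_miss'][0]})" if f["near_miss"] else ""
            print(f"{f['trunk']}: {f['ip']} is banned and not whitelisted{hint}")
```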