I use mode route, wan connect pppoe and lan local
Please Upgrade to 18.104.22.168+ Immediately for Security Fix: Firmware 22.214.171.124 for UCM6202/6204/6208/6510 Released as Official
I am not running in route mode as I never expose a PBX directly to the Internet. However, I tested using the rules to block a single IP as I cannot try “all” as I am using switch mode, so only have the LAN interface available and doing all might lock me out.
I set my rule up as follows:
The address blacked out is a public IP. As the rules are processed in sequence, it is my top most rule. The rule underneath allows all, but I have a router/firewall in front of the UCM and do my filtering there. Not only do I prefer not to expose the UCM directly to the Internet, I would prefer it act as a telephone system rather than spending CPU cycles being a firewall.
it’s crazy to use UCM’s firewall, once the attacker has reached UCM, it’s too late, then everyone does as they obviously believe.
My take echoes Larry, you should never expose a UCM directly to the Internet. It simply does not have the resources to fight off the attacks. You are much better off to put the UCM behind a decent firewall and lock firewall rules down as much as possible.
My system prior to UCM was a quad core Xeon box running fusionpbx. It WAS exposed directly to the Net and a substantial amount of its horsepower was used by fail2ban and other utilities engaged in “firewalling”. If a Xeon was that busy I cannot imagine the load being put on the smallish ARM CPU in the UCM fighting the same battle
I know that, but some of their customers do so
I also know people who drive the car and change gears without pressing the clutch, that doesn’t mean it’s OK.
If you firewall correctly (no random packet answered) it can be. Buf if port are opened free UCM will lose any battle. This will prevent for using sip clients on mobile phones (random IP) but for other static IP it is fine.
I observed the failed logins without any user input also on firmware 126.96.36.199.
Following steps I did before that:
- Logged in as admin
- Performed some changes
- Logged out and kept the login page open
- After some minutes I tried again to login, but the client was locked out
- After waiting for the timeout to be over, I managed to login
- My own IP was then listed in the blocked IPs
- Wireshark showed that the browser sent multiple failing login requests in the background, although the browser was already logged in.
It happened with Chrome on Windows. After a full reload of the page it never occured again.
I wanted to report that I tried to make a Custom User Backup (with backup permission), this backup was made but with a really high execution time (about 2 minutes).
The same backup made by admin was made in about 20 seconds.
Agree! You are right! That means that this UCM is like a bicycle, selled like a car. Newer go to highway! Remove firewall from UCM it is props, full of holes. Next time it will fail with local network and from electricity cable, or new moon.
Still it is fail made by developers, just live with it.
if you bought a voip server to use it from Firewall you are 100% wrong
Any voip server from any manufacturer works this way, it’s probably not your job, so you’re not up to date.
Any company in the world must have a Firewall that must be GDPR compatible, otherwise you are completely wrong.
Anyway this is a forum, not a place to complain and speak badly of the Producer, so I invite you to open a ticket, you can tell him all your concerns
i have had customer added to the banned user login page, for what seems no reason, definitely bad to have the user login banned for no reason. awesome you have to disable the security settings to access the ucm…
I have have had trouble with Chrome sending repeat login attempts after the the system logout timeout. I haven’t had those issues in Firefox.
Chrome is terrible lately (long one). I use operaGX instead and have no problem at all.
the problem are the updates, every time a Browser updates comes out strengths and weaknesses, they compete with each other who works better, or worse?
They add options not stability. It is same across all companies as marketing/sales say what is important and what not. In such environment selling more devices is more important then stability. Even basic function are related to any sales opportunity.
why does sim ring now stop all other phones from ringing, why do the template settings disappear after viewing they were there, why do user now get banned from logging in for no reason. why does a security fix CAUSE SO MANY OTHER ISSUES… wth, time to start drinking again
now i have customers calling complaining about the crappy phone system, no more upgrades for sure, better off taking your chance with the hackers…
You opened this up on another thread. Please do not cross-post or post the same issue on multiple posts.
Which firmware version did you upgrade from when you applied 188.8.131.52/23
dec20_19_v_1_0_19_27.tar, the previous firmare update to the ucm6208 was on dec 20 version 184.108.40.206