Block external connections

[Talmid_L]

Hello,

I am facing the issue that from time to time some devices get compromised by some virus infected Windows computer on the network and it's making fake calls. I managed to put all phones on VPN, but somehow it still happened. I am not sure how it happened. So my conclusion is that I would only allow connections coming in from the VPN network and block external connections. I want to disable the external sip-profile and leave the vpn-profile active. I am also considering to block the incoming port on the public IP.
Would this affect connections with providers? (gateways) Did anyone do this before?

 

[Herbert Whistlefjord]

Trunks and users use different ports [5060 vs 5080] so you can use that in your firewall rules to distinguish them.
But that's not going to help you if the devices with the SIP user credentials on are compromised [I think that's what you're saying].

 

[Talmid_L]

I am not totally sure that the device is compromised, unless it can be done with some packet sniffing.

Previously what happened, that the security was disabled on the provisioning profiles, so this way was easy to get any credentials. Now that is secured with username and password. The phone itself has VPN, so I really don't know how the credentials leaked.

When the breach happened it was a FPBX registered with the same extension as a Yealink phone. It was registered from an external IP address.

So this is why I would like to block all incoming connections on the public IP and allow only VPN. I don't know how this affects connections to the providers.