YukiGet

SIP UDP Security issue

Hi,

I am using an FGT80C with OS 5.6.11 and there is an issue.

I have a SIP server (210.X.X.82) on the DMZ, so I tried to set up policies:

Policy 12: from DMZ (210.X.X.82) to Wan1 (GEOIP -JAPAN), allowing port SIP (UDP5060)

Policy 14: from Wan1 (GEOIP -JAPAN) to DMZ (210.X.X.82), allowing port SIP (UDP5060)

The current issue is that we have attacks on the SIP server from all over the world that pass policy 12.

The strange thing is that policy 12 is from DMZ to WAN1, however the FortiCloud log shows the attackers come through this policy.

We tried using a VPN (US IP address), and TCP was blocked, but we confirmed UDP5060 can be accessed.

Is it an OS bug, or is my setting bad?

To avoid this issue I changed the port to another one, so the attack has stopped.

However, this problem still remains; I mean, if they find the new port they can access it.

The other policies only show from local to WAN etc., so only these 2 policies are related to the DMZ function.
