DoS and Flood protection in Firewall Configuration

So you have installed 3CX PhoneSystem, your VoIP Provider account registers fine, a couple of test calls successfully prove that all is working. It’s now time to put things into production.

And as soon as you have more than a couple of simultaneous calls, things stop working correctly!!!

Calls do not come in, registrations fail, unexplained one-way-audio or no-audio behaviour – what gives??

Firewalls and NAT Devices today are always trying to do MORE to protect your network. And its very possible that they may be doing TOO MUCH in your case. Check out your device and see whether it has features to protect your network against “Flood” type attacks. A VoIP call from a VoIP provider will deliver a constant stream of UDP RTP packets to your network to deliver the audio content of the call – which some Firewall devices may easily misinterpret as a Flood attack or a DoS attack on your network.

Firewall DoS options

This is what a typical DoS Protection option might look like (DoS defence is disabled here) – so you could change or tweak some of these settings (especially UDP flood defense) to get things working correctly. Disabling DoS defense completely (for troubleshooting purposes only) is a simple way of identifying whether this is causing failures.

Just a quick hint to stop you from tearing your hair out…

Regards