IP Telephony lost connectivity several times during business hours, the PBX is experiencing connection issues, it went down and loss the IP Phones 7900 connection, unable to make calls amoung extensions and incoming calls.
Telephony service is down until customer power cycle the PBX, unable to perform and receive calls.
1. After logs analysis of PBX, : seems there is one device with IP: 184.108.40.206 is attacking the PBX, it keep sending register messages in a very short time:
2. Then it trigger our PBX protection policy and start to drop the register messages, which also dropped the good normal register messages from IP phone.
Customer validated a wrong configuration in the firewall, an invalid port was open. This was modified and issue solved after some time under monitoring.