Table of Contents
Advertisement
Figure 24: Asterisk Service Fail2Ban setting
If Fail2Ban is enabled under "Global Settings", user must select "Asterisk Service" under "Local Settings"
in order for it to take effect. Starting from firmware version 1.0.15.13, UCM Fail2ban feature works on all
type of ports (UDP, TCP and TLS). Users can then define the value for "MaxRetry" which will override the
"MaxRetry" value under "Global Settings". "Max Retry" specifies the number of authentication failures
during "Max Retry Duration" before the host is banned and the default value is 5.
In addition to defending against hostile SIP messages, Fail2Ban can now be configured to defend against
login attacks. Excessive login attempts will ban IP addresses from accessing the UCM web UI, users could
enable the option as shown on the figure above.
Once enabled, and When the number of failed login attempts from an IP address exceeds the MaxRetry
number, that IP address will be banned from accessing the UCM Web UI.
Please note the listening port number is always kept the same as HTTP server number under UCM web UI
MenuSystem SettingsHTTP ServerPort.
P a g e
|
30
UCM Security Manual
Hide quick links:
Advertisement
Table of Contents
