Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SIP PCI compliance fail

Status
Not open for further replies.

Plug2012

Technical User
Apr 25, 2012
72
GB
For some reason this year any site with gamma SIP trunks is now failing PCI tests with "UDP Source Port Pass Firewall" we lock down all communication on UDP 5060 and all media ports to Gamma's IP addresses so not sure why this has now became a problem. Nothing has changed and we have been using them for 5 years. Any idea what I can do to fix this ?
 
I hate pci compliance tests. For years they pretty much passed. Then about 5 years ago they upped the security check. Now it started failing on things like. Oh, the port is open. Luckily
most places have a form you can fill out explained why the port is open and allowed. If the pci compliance software is really good. It will talk to what is on the port and figure it out
by itself or even recommend updates.

TTFN,

Josh
 
For this it was old draytek routers causing the issue, thier firmware was from 2018 and was the latest so had to swap them out, the firewall rules on them werent correctly locking down the SIP ports, they were still giving some kind of response on the port scan.
 
I agree with CPM86. I'll get this with PCI scans and some devices and open ports. Often the client has to just put in the reasoning why that port is
open and they will accept it and move on with the compliance certification.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top