Overview

While having the PBX server connected to Kerio Control, the inbound VoIP calls might be dropping from time to time. The inbound SIP traffic is not reaching the firewall periodically.

Security logs may report the following entries:

IPS: Alert, severity: High, Rule ID: 1:2525000 ET 3CORESec Poor Reputation IP TCP group 1, proto:TCP, ip/port:x.x.x.x:53363 -> y.y.y.y:5060 (control)

This article provides information on how to resolve such issues.

Solution

Kerio Control is using IPS to check the IP addresses against Public blacklist databases.

It might happen the public IP where the packet is coming is being marked as a poor reputation. You would need to contact the sender part of that IP, as it might be listed on several blacklists. Depending on the blacklist database, the delisting process may vary.