We seem to be having an issue just in the last few months where our IP phones are randomly disconnected from the IPU cards. This can happen once a day, or three times a day. CIX670 using various models of IP phones from Toshiba with MIPU16 cards.

We have two cards, each with a different provider (so i doubt it's related to the carrier). The disconnect will happen on either card, at random and everyone on that card is cut off at the same time, the phone reboots and reconnects. Of course, if they are in the middle of a call, they are instantly cut off from that call.

It's become quite an interruption to our workflow at this point. Some have suggested that the solution is a firewall device between the connection and the IPU card. As of right now the connection goes directly to the cards with no firewall or router to an outside IP address. That's the way it was setup by our phone service company originally.

Any help would be appreciated if there's anyone who's seen this or can offer any help.

If you have phones outside or off the internal network the MIPU can't be behind a firewall.
But from experience I can tell you it most likely a SIP attack on the IP cards. Which will cause them to shut down and or reboot.

That's great information, even if we have SIP turned off (which I believe we do), what is the solution then to stop this?

I believe that even if you are not using SIP, I believe that the MIPU will respond to SIP messages. If you even look at incoming data, once people see port 5060 open they start attacking it with SIP invites and registration messages, attempting toll fraud.

There is a way to put a firewall in front of the MIPU. The trick is that the MIPU must be assigned a public IP address without NAT. Toshiba had a document on how to configure a Zyxel router to filter incoming traffic while still giving the MIPU a public IP address. Then you could filter port all incoming traffic except for the ports the phones need for their IP phones.

Also fantastic information, thanks very much.

A few things come to mind:

1. Perhaps I can ask our ISP to block port 5060 if the attacks are indeed coming just from that port. When I do a full port scan, I do not see that port as being open, but there may be other scanning tools that show it is open. Are there other ports as well that would need to be blocked?

2. I don't understand why you couldn't just give the card a local IP address and setup NAT and then simply only allow traffic from the IP addresses of those people having phones (yes it would have to be adjusted if their ip changed)? Why would the card care or know about this? I've done things like this for many other applications. For example, how about something like this: https://www.tp-link.com/us/support/faq/2026/

3. I will look into the Zyxel router option and see if someone can locate that document.

EDIT- I have confirmed that port 5060 in UDP is open. 5060 and 5061 are both closed to TCP, but apparently the UDP 5060 flood attack is quite common and may be what's happening here.

SIP typically uses UDP ports 5060 and 5061 so a scan will not show it as open. I don't know how these guys find an open SIP server, but they do. Non-stop SIP invites and registrations. Toshiba is pretty good about not letting these get through, but they don't stop

MIPU IP has never worked with NAT. If you have public-facing phones the MIPU must always have a dedicated public IP address assigned to it. There are a lot of technical reasons why, but it is a bit much to go into details. You can get SIP to work on an MIPU with a router that supports SIP ALG, but routers do not understand the Toshiba IP protocol. Sometimes they think it is H.323.

Other routers will probably also work, but I think Toshiba mentioned this brand because it was a lower-cost solution. Back in Toshiba many years ago class they used a Sonicwall

Check PM.

Edit: I should note that a VPN from the user's premise will also work if you wanted to keep the card internal.

Thanks for the great suggestions. In the next few days, I'm going to see if the ISP will block that port and see if that changes things.

Just to update everyone on this, in case someone has a similar issue.

The ISPs would not block the ports for us, which I suspected. So with the help of some members on this forum we setup firewall devices yesterday for both of our IPU cards.

Specifically the ZyXEL ZyWall USG 20 using a setup generously provided by newtecky.

It hasn't been long enough to determine if this has solved the issue, but I will update everyone in a few days with the final results.

One nice benefit of using this device is that we are able to see logs for the first time, and the attempts made to access or query the device.

This is exactly the issue we have been experiencing. Thank you PTME and newtecky for explaining what’s going on.

We already have a Sonicwall in place but with our MIPU connected directly to the ISP’s modem. Ideally I would figure out how to configure the Sonicwall, but I’ll invest in the ZyXEL router if needed.

Newtecky, if you could PM me the ZyXEL configuration steps, I would be very grateful. If anyone has the steps for a Sonicwall, that would be a bonus.

Thanks everyone, looking forward to getting this solved.

Jon

I have a CIX100 with this problem too. I would be very interested in knowing the solution as well. We have SonicWall here too, but like Jon the MIPU is connected directly to the ISPs modem.

I'm happy to know that I'm not alone in this issue, frankly I was wondering why I hadn't heard more people complaining about this problem! The Toshiba systems are old now, but still in wide use.

The SonicWall that you have is likely for your network in general, this solution requires a dedicated device (though who knows if there is another way using other devices). The ZyXEL ZyWall USG 20 looks to be around $200 on Amazon at the moment, so it didn't seem worth investigating since this was the "known" solution.

PMs sent

There should be a way to use Sonicwall, but I have had several IT fail to get it to work. A 5 port switch ends up being the easy solution.

SonicWalls are one of the harder firewalls to deal with when it comes to VOIP. I have several cheat sheets I can send if interested, it gotten to the point that if the IT person or company has never done VOIP we will go around them with public IP's.

However we have chased issues with everything being public and had these issues as well. In those cases it is always the carrier blocking something or in our case the Comcast modems blocking or having a setting activated that should not be.

Make sure you have good up to date firmware on the IP cards and the correct phone firmware. I have seen a bunch of LIPU's that will work flawless with older firmware on the 5xxx series phones but crap out with the latest and greatest.

I think in almost every case, we end up using a direct connection to the MIPU. I have had some IT try to say that they can get it to work with NAT. I say to them, well let Toshiba engineers know of your miracle solution because so far this has never worked with the MIPU. In the case of the ZyXel, Toshiba actually took the time to make a step-by-step example of how to firewall the MIPU using this specific router. Years ago in Toshia's class, we tried to do the same thing with a SonicWall router, but we could not get this to work in the lab environment. I am sure that there is a solution with other router models. I no longer have the time, or desire to figure out Toshiba PBX solutions in my office lab.

Sonicwall does work well with SIP trunks to Toshiba behind a NAT using ALG (SIP transformations). I have several SIP trunks working through Sonicwall. The Toshiba IP phones do not use SIP. That is why you won't get them to work through NAT.