Hi,
I want to know ho to block complete VoIP traffic. I am using v2.9 and v3.20. Please help me out in blocking complete VoIP traffic using both 2.9 and 3.20.
Looking forward for a positive and quick response.
Dear Mudasir,
You can never block voip 100 percent but you can block a big percentage depending how much u r willing to invest for that. The unblockable voip traffic are the ones going thru encrypted tunnels. The only ways to block these manually are either to block the switchs ips they are connecting to with these tunnels and that will be by monitoring the traffic shape you will notice a symetric bandwith on the upload side and download side in forms of 16k, 24k, or 88K,.. depending on the codec they are using.As for direct voip services without tunnels using sip and h323 you can block ports 5060-5061 for sip setup and 1720 for H323 setup calls for a regular client that will do the job but for a more intelligent client who change these ports and overcome your blockade you should use a layer 7 firewall in order to dig deeper in packets and find the sip and h323 calls. This procedure can block around 70 percent of voip but with a deggregation of sound quality and a bigger investment.