The SBC Core enhanced Dynamic Blacklist (DBL) feature provides the ability to restrict packets and reject SIP messages received from endpoints based on the criteria and action provided in a rule. In this way, the SBC is protected from offending or misconfigured/misbehaving endpoints. The enhanced DBL Profile is configured to contain one or more rules, and each rule contains criteria and an action. The profile is then associated with a SIP Trunk Group. This SBC enhanced profile supports handling offending events in a flexible way apart from triggers such as the two consecutive 401s for REGISTER messages, badSipMessage, and endpoint CAC rejection.
For the rejectWithResponse action, all SIP requests from that endpoint are rejected with the response configured in the rule for the configured effective period. When the timer expires, the entry is removed.
% set profiles services enhancedDblProfile <profile name> rule <rule name> state <disabled | enabled>
The Enhanced DBL Profile parameters are described below.
Use the request addressContext <addressContext name> enhancedDBL removeEnhancedDblEntry removeIpEntry commands to remove any Enhanced DBL IP-based entries matching specific criteria.
Refer to Request Address Context - CLI for details.
Use the show status/table addressContext <addressContext name> enhancedDBL commands to view Enhanced DBL Profile status details.
Refer to Show Table Address Context for details.
% set profiles services enhancedDblProfile <profile name> rule <rule name> action effectivePeriod <0-86400 seconds> type blacklist rejectWithResponse rejectWithResponseCode <400-699> watch criteria <rule criteria> state <disabled | enabled>
% set profiles services enhancedDblProfile <profile name> rule <rule name> criteria occurrence aggrCountValue <1-86400> consecutive disabled resetMethodResp <101-699> resetMethodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> enabled countType aggrCount resetCount <1-10> timerWindow <1-86400 seconds> offendingEvent methodResp <all | all4xx | all5xx | all6xx | 400-699 or single value> methodType <ALL | BYE | CANCEL | INFO | INVITE | MESSAGE | NOTIFY | OPTIONS | PRACK | PUBLISH | REFER | REGISTER | SUBSCRIBE | UPDATE> triggerEventType <authenticationTimeout | badSipMessage | receiptOfMessage> scope <ipAddress | ipAddress-Port | ipAddress-Port-Transport>
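The following Python sketch is an added example, not Ribbon code and not part of the original page. It models how one rule with the rejectWithResponse action could be evaluated, using the parameter names from the syntax above. The sliding-window counting, the sample rule values, the addresses, and the class and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed rule; keys mirror the CLI parameter names shown on this page.
RULE = {
    "methodType": "REGISTER", "methodResp": 401,   # offendingEvent
    "aggrCountValue": 3, "timerWindow": 10,        # occurrence, in seconds
    "scope": "ipAddress-Port",
    "rejectWithResponseCode": 403, "effectivePeriod": 60,  # action
}

class EnhancedDblModel:
    """Hypothetical model of one rule: count offending events per scope key."""

    def __init__(self, rule):
        self.rule = rule
        self.events = defaultdict(deque)   # scope key -> offending timestamps
        self.entries = {}                  # scope key -> entry expiry time

    def _key(self, ip, port, transport):
        # The scope decides how much of the source tuple identifies an endpoint.
        return {"ipAddress": (ip,), "ipAddress-Port": (ip, port),
                "ipAddress-Port-Transport": (ip, port, transport)}[self.rule["scope"]]

    def handle(self, now, ip, port, transport, method, resp):
        """Return 'pass' or 'reject <code>' for one request and its response code."""
        r, key = self.rule, self._key(ip, port, transport)
        expiry = self.entries.get(key)
        if expiry is not None:
            if now < expiry:               # entry active: every request is rejected
                return f"reject {r['rejectWithResponseCode']}"
            del self.entries[key]          # effective period over: entry removed
        if method == r["methodType"] and resp == r["methodResp"]:
            window = self.events[key]
            window.append(now)
            while window[0] <= now - r["timerWindow"]:
                window.popleft()           # assumption: sliding timerWindow
            if len(window) >= r["aggrCountValue"]:
                self.entries[key] = now + r["effectivePeriod"]
                window.clear()
        return "pass"

def replay(rule, events):
    """Run constructed (time, ip, port, transport, method, resp) tuples through a rule."""
    model = EnhancedDblModel(rule)
    return [model.handle(*e) for e in events]
```

Replaying captured traffic through a model like this before enabling a rule shows whether the chosen aggrCountValue and timerWindow would also catch well-behaved endpoints that share a source address.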