For quick SSH configuration of whitelisting on 220 series:
In practice you can whitelist on the basis of vendor ID alone to allow third parties to call you but still keep out the spam, or gatekeeper/endpoint IP addresses to block all but your own endpoints. If you whitelist the gatekeeper IP addresses (UVC Access) you don't need to whitelist individual endpoints.
For vendor IDs:
set whitelist enable
set whitelist vendorIds 41242|18|21|172|256|9009|11520|17484|44547|49512
set whitelist sipCtrlEnable
For gatekeepers or endpoints (obviously replacing IPs):
set whitelist ips 18.104.22.168|22.214.171.124
(we actually filter on both) I've only done basic testing on vendor IDs alone so please post comments if it doesn't work for you.
If you have Passports or 200 series you can still block on firewall. If you block 1720 inbound from everywhere but still allow it from your gatekeeper (UVC Access) then that is enough. SIP you can move off port 5060 or disable if you don't use it and that'll be enough.
Retrieving data ...