To find out why User receives "403 Forbidden" from MOR, you should:

1) Check Last Calls for User's calls
Go to Statistics -> Calls -> Last Calls and search for calls of the User. If you find any failed calls, check the hangupcause code (HGC). All information on HGC and tips how to resolve it can be found here.

2) Check Last Calls for the destination the User dialled
Go to Statistics -> Calls -> Last Calls and search for the destination number, which was dialled by the User ("User" field should be empty in the Search filters):

• If you find calls with HGC 200, this means that User is not configured correctly or User is using incorrect details to register. Check your User (and User's device) configuration, make sure it is correct.
• If you find calls with HGC 207, this means that your provider is making calls and you did not allow the provider to make calls. To configure provider which can make calls, follow the manual here.

3) Check if User's IP is blocked
Check if User's IP is blocked. Connect to your server and run:

iptables -L -n | grep 1.2.3.4

where 1.2.3.4 is the IP of your User. If you get any output with words DROP or REJECT, the User's IP has been blocked. Information on how to unblock the IP and manage the iptables, can be found here.
The most common reason for User to get blocked is by sending bad registration requests. This can be seen in Asterisk logs. Just run command:

grep 1.2.3.4 /var/log/asterisk/messages

If User is trying to register with a wrong password, you will see logs like these:

[2015-03-11 12:56:09] NOTICE[13687] chan_sip.c: Registration from '<sip:1212@1.2.3.4:5060>' failed for '11.22.33.44:5062' - Wrong password

Fail2ban protects your system and blocks the IPs, which try to register with the wrong password too many times.

If none of that helps, make sure user is sending calls to your MOR IP. To check if anything is coming to MOR, capture all incoming packets. This can be done by using Wireshark.

See also

• Hangupcause Codes
• Change HGC for a User