VoIP Firewall: Difference between revisions

No edit summary
m (Tidy Up)
[[file:Snom710.png|link=:Category:VoIP|Go to the VoIP Category]]
 
This is what we suggest firewall-wise for voipVoIP customers:
 
{| class="wikitable"
 
 
'''SIP''' is the call routing information that creates and manages calls. in practice if you allow port 5060 from the outside world you'll see attacks and possibly receive spam phone calls. We do not recommend leaving 5060 open unless you really know what you are doing. Phones rarely use ports as low as 5060 for media.
 
'''SIP''' is the call routing information that creates and manages calls. inIn practice if you allow port 5060 from the outside world you'll see attacks and possibly receive spam phone calls. We do not recommend leaving 5060 open unless you really know what you are doing. Phones rarely use ports as low as 5060 for media.
'''RTP''' is the actual media (eg, the audio). On the older call servers it will be as direct as possible the media can be sent from anywhere on the internet. Using the ne call servers it is only from the same call server as the SIP control messages. On most phones you can configure which ports to use for RTP, so you can restrict this range further. For example, on a SNOM phone the default range for RTP is 49152 to 65534.
 
'''RTP''' is the actual media (eg, the audio). On the older call servers it will be as direct as possible the media can be sent from anywhere on the internet. Using the nenew call servers it is only from the same call server as the SIP control messages. On most phones you can configure which ports to use for RTP, so you can restrict this range further. For example, on a SNOM phone the default range for RTP is 49152 to 65534.
 
 
==Other things to Firewall==
*Don't allow access to your phone or servers web configuration pages from the Internet.
*If you run your own server and allow phones to use it from your WAN/Internet, then lock this down as much as possible - perhaps only allow access to your PBX from the Internet via a VPN.