|
= Your Firewall =
Protect your phones and VoIP servers from the outside world.!
*See [[VoIP Firewall]] for firewall requrements
See http://aa.net.uk/kb-telecoms-voip.html for more info, but:
*Allow SIP from our servers to your phones: UDP port 5060 and 2002 from 81.187.30.110 - 81.187.30.119, and 2001:8b0:0:30::5060::/112 if you use IPv6 (we may add more servers in the future, but will be on the above URL when we do)
*Allow RTP from everywhere to your phones: UDP 1024-65535* from everywhere (which also covers SIP above)
*Don't allow access to your phone or servers web configuration pages from the Internet.
==Secure Your Equipment == ▼SIP is the call routing information that creates and manages calls, this will only come form our servers.
RTP is the actual audio. RTP will be as direct as possible, the audio can be sent from anywhere on the internet, which is why these ports need to be open.
*on most phones/clients you can configure which ports to use for RTP, so you can restrict this range further eg on a SNOM phone the default range for RTP is 49152 through to 65534.
If you run your own server and allow phones to use it from your WAN/Internet, then lock this down as much as possible - perhaps only allow access to your PBX from the Internet via a VPN.
▲==Secure Your Equipment==
Many Phone systems and VoIP phones will have their own security features, do make use of them and use strong passwords. See your equipment documentation for further information.
| 