Firewall configuration for SIP.



  • Hi

    I run a local software based PBX. This sits on my LAN and connects to several SIP trunk providers.
    Each SIP trunk registers on Port 5060 and is configured as a unique endpoint in the PBX.
    I have the required ports open from the SIP providers routing to the softPBX.

    This is working perfectly without any issues, no problems with audio or making and receiving calls.
    I have a SIP phone registered locally and again all that works without any issues.

    I've now registered a SIP handset to a remote PBX over the Internet. The phone is configured and STUN is enabled.
    Initially I had issues with one-way audio, so I've enabled Hybrid NAT and created a rule from the IP Address of the SIP Phone/32 with the destination address and port as ANY and Static Port enabled. That has allowed two-way audio.

    However, if a call is transferred to this SIP Phone or I pick up a call from the remote PBX, I get one-way audio.

    Under Rules / WAN I've created a rule as:

    Protocol: IPv4 TCP/UDP
    Source: RemotePBX IP Address
    Port: Any
    Destination: Any
    Destination Port: Any

    Under Rules / LAN I've created a rule as:

    Protocol: IPv4 TCP/UDP
    Source: Any
    Port: Any
    Destination: RemotePBX IP Address
    Destination Port: Any
    Gateway: WAN_PPPOE (to ensure my VPN isn't used)

    My aim was to effectively whitelist all traffic TO and FROM the remote PBX IP Address, in case the ports being used were changed.

    This doesn't seem to have helped.
    Can anyone help with this? I don't want to lose the connectivity I have for the local PBX, but I would like to get the SIP Phone working on the remote PBX correctly.

    Thanks.