We are using a Yeastar S20 PBX. I have to set up a whole bunch of firewall rules to allow traffic from my SIP provider. Before I do so, I was wondering if I need to even enable the firewall on my Yeastar system, since I already have a firewall protecting my office network as a whole. Is there value in having the dual firewalls in place?
4 comments
-
Larry Neblett Well, the choice is yours. If your are certain that the Internet facing firewall has got you covered, then there may not be a reason.
I never expose any PBX directly to the Internet as all are behind firewalls; typically only using switch mode, but I do set up the firewalls or other safety mechanisms that the PBX has to offer as a matter of principal. I make no assumptions about all threats being only from the outside. I want the PBX to look at the request rates and IPs that may be internal as well as some may decide to play with the phones, try and log into the PBX or otherwise cause some issues as their curiosity rises. You might also have a different thought about it if and when you use remote phones or even mobile softphone apps.
It doesn't take long to setup and as you are only protecting the PBX, its pretty much a set and forget kind of thing.
-
Andrew Thanks Larry. You have a good point that attacks could come from within our network. In that case I would like to turn the Yeastar firewall on.
In that case, I have another question on how to configure yeastar's firewall: My SIP's list of IPs to whitelist includes IP ranges and also IPs given with a '/' notation. For example:
147.75.65.192/28, 147.75.65.192-147.75.65.207 How can I enter IP ranges and things such as the /28 into Yeastar's firewall?
-
Gideon Greyling This will explain how to do firewall rules for SIP and LAN https://www.youtube.com/watch?v=5bfMHe0B8T8&t=35s