I was wondering if anyone can give me any pointers or insights on whether or not to have an Asterisk server behind a firewall.

I have always run Asterisk on a public IP but was wondering if I should move it to a local IP behind a firewall.

I am looking to set up a location with 300 SIP phones.

Normally, I would put the Asterisk server on one public IP and let the SIP phones get DHCP from a router on a different IP, and they would register to the public Asterisk server from that IP address.

Should I move the Asterisk server behind the same router?

If so, how should the server be set up and what is the best router/firewall hardware to accomplish this environment?


  • Both work. If you have enough IP addresses to dedicate one to your Asterisk server, that removes one node in the path from the world. You will need a firewall on the Asterisk server to protect it from outside meddling. If you can put the Asterisk server on the same network as the SIP devices (using a second NIC), that should help performance.

    Is the SIP network on the same network as your internet/data LAN?


  • Hi,

    I have used a SonicWall firewall; it has a SIP transformation feature. It is necessary to use a firewall to protect your server.

    Best Regards, Madushan

  • I have a /29 to use for the network.

    My immediate go-to set-up will be to put the Asterisk server on a public IP off the /29 and harden the iptables along with other monitoring scripts and lockdown methods. Then add the router on a different /29 IP and have all the phones register through the router to the public Asterisk server and limit only registrations from that router's IP address.

    I then would add the three trunks I need, such as inbound/outbound, international, and 911, to the Asterisk box.

    However, I do think this is best practices. It is my understanding to move the Asterisk box behind a router/firewall and have the phones on the same subnet as the Asterisk box. Then the router/firewall will do the trunking to the vendors.

    I don't know which is best, nor do I know the hardware for the router/firewall device.
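
The allow-list set-up described in the last post (SIP accepted only from the phones' router and the three trunk providers, everything else dropped), as an added example that is not part of the original thread. All addresses are constructed placeholders from documentation ranges, the SSH management source is an assumption, and the RTP range assumes the 10000-20000 range from Asterisk's sample rtp.conf; the script only prints an iptables-restore ruleset.

```shell
#!/bin/sh
# Added example: default-deny INPUT policy for a public-IP Asterisk host.
# Every address below is a constructed placeholder (RFC 5737 ranges).
ROUTER_IP="203.0.113.2"     # NAT router the 300 phones register through
TRUNK_IPS="198.51.100.10 198.51.100.20 198.51.100.30"  # three trunk providers
ADMIN_NET="203.0.113.0/29"  # assumed source network for SSH management
RTP_RANGE="10000:20000"     # assumed to match rtpstart/rtpend in rtp.conf

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"        # anything not matched below is dropped
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp -s $ADMIN_NET --dport 22 -j ACCEPT"
    # SIP signalling and media only from the router and the trunk providers.
    # Assumption: each provider sends media from its signalling address;
    # if a provider uses separate media servers, add those sources here.
    for src in $ROUTER_IP $TRUNK_IPS; do
        echo "-A INPUT -p udp -s $src --dport 5060 -j ACCEPT"
        echo "-A INPUT -p udp -s $src --dport $RTP_RANGE -j ACCEPT"
    done
    # Rate-limited log of SIP from any other source, for monitoring scripts.
    echo "-A INPUT -p udp --dport 5060 -m limit --limit 6/min -j LOG --log-prefix \"SIP-DROP \""
    echo "COMMIT"
}

# Print the ruleset; validate without applying it with:
#   sh this-script.sh | iptables-restore --test
gen_rules
```

Rules are matched in order, so the log line only ever sees SIP packets that none of the per-source ACCEPT rules matched, and those packets then fall through to the DROP policy.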