Asterisk Behind Firewall
I was wondering if anyone can give me any pointers or insights on whether or not to have an Asterisk server behind a firewall.
I have always run Asterisk on a public IP but was wondering if I should move it to a local IP behind a firewall.
I am looking to set up a location with 300 SIP phones.
Normally, I would put the Asterisk server on one public IP and let the SIP phones get DHCP from a router on a different IP and they would register to the public Asterisk server from that IP address.
Should I move the Asterisk server behind the same router?
If so, how should the server be set up and what is the best router/firewall hardware to accomplish this environment?
Thanks,
-H
3 thoughts on - Asterisk Behind Firewall
Both work. If you have enough IP addresses to dedicate one to your Asterisk server, that removes one node in the path from the world. You will need a firewall on the Asterisk server to protect it from outside meddling. If you can put the Asterisk server on the same network as the SIP devices (using a second NIC) that should help performance.
Is the SIP network on the same network as your internet/data LAN?
Ron
Hi,
I have used a SonicWall firewall; it has a SIP transformation feature. It is necessary to use a firewall to protect your server.
Best Regards, Madushan
I have a /29 to use for the network.
My immediate go-to set-up will be to put the Asterisk server on a public IP off the /29 and harden the iptables along with other monitoring scripts and lockdown methods. Then add the router on a different /29 IP and have all the phones register through the router to the public Asterisk server and limit only registrations from that router’s IP address.
I then would add the three trunks I need such as inbound/outbound, international, and 911 to the Asterisk box.
However, I do think this is best practices. It is my understanding to move the Asterisk box behind a router/firewall and have the phones on the same subnet of the Asterisk box. Then the router/firewall will do the trunking to the vendors.
I don't know which is best, nor do I know the hardware for the router/firewall device.
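
The first setup described in the last post above (Asterisk on a public address from the /29, with SIP accepted only from the router and the trunk providers) could be expressed as a default-drop firewall policy like the one below. This is an added example, not part of the thread; the addresses are constructed documentation ranges, and port 5060, the RTP range 10000-20000 and the SSH management rule are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for an Asterisk host on a public IP.
# All addresses are constructed (RFC 5737 documentation ranges), not from the thread.
ROUTER_IP="203.0.113.2"                                # router that NATs the phones (assumed)
TRUNK_IPS="198.51.100.10 198.51.100.20 198.51.100.30"  # three trunk providers (assumed)
ADMIN_IP="203.0.113.2"                                 # SSH management source (assumed)
SIP_PORT=5060                                          # assumed SIP signalling port (UDP)
RTP_RANGE="10000:20000"                                # assumed RTP media port range

valid_ipv4() {
    # Succeeds only for a dotted quad whose octets are all 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

gen_rules() {
    for ip in $ROUTER_IP $TRUNK_IPS $ADMIN_IP; do
        valid_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -p tcp -s $ADMIN_IP --dport 22 -j ACCEPT"
    # SIP signalling and RTP media only from the phones' router and the trunks.
    # Providers often send media from other addresses; add those to TRUNK_IPS.
    for ip in $ROUTER_IP $TRUNK_IPS; do
        echo "-A INPUT -p udp -s $ip --dport $SIP_PORT -j ACCEPT"
        echo "-A INPUT -p udp -s $ip --dport $RTP_RANGE -j ACCEPT"
    done
    # Log (rate-limited) SIP from anyone else before the default DROP policy applies.
    echo "-A INPUT -p udp --dport $SIP_PORT -m limit --limit 6/min -j LOG --log-prefix \"SIP-DROP: \""
    echo "COMMIT"
}

gen_rules
```

Review the printed ruleset before loading it, for example with `gen_rules | iptables-restore`; IPv6 needs its own policy through ip6tables.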