Customer Firewall considerations

Created by Kelly Evans, Modified on Wed, 4 Jun at 8:05 AM by Kelly Evans

A customer's security policies often require a customer-managed firewall between the customer's network and external providers, regardless of the network connectivity method (MPLS, 46 Labs Voice Firewall, IPsec tunnels, etc.) used between the 46 Labs datacenters and the customer's private network.


The customer firewall must allow SIP traffic between the Peeredge Orchestrator and the customer SBCs/PBXs.


If the customer firewall is not fully SIP-aware, or if SRTP-encrypted traffic is used between the Peeredge Orchestrators and the customer endpoints (i.e. IP phones), the firewall must be configured to allow inbound and outbound RTP/SRTP traffic (UDP ports 5500 to 65000) between the Peeredge Orchestrator and the customer endpoints.
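A partially opened media range is a common cause of one-way or missing audio, so it helps to check a rule set for gaps before go-live. The following is an added example, not 46 Labs code: the addresses and the rule tuple format are placeholders invented here, and it considers only allow rules (no deny rules or rule ordering).

```python
"""Check that a rule set permits the whole RTP/SRTP range in both directions."""
from ipaddress import ip_network

RTP_RANGE = (5500, 65000)                     # UDP range stated in the article
ORCHESTRATOR = ip_network("203.0.113.10/32")  # placeholder address (assumption)
ENDPOINTS = ip_network("10.20.0.0/24")        # placeholder customer subnet (assumption)

# Constructed sample rules: (action, proto, src, dst, first_port, last_port)
RULES = [
    ("allow", "udp", "203.0.113.10/32", "10.20.0.0/24", 5500, 65000),
    ("allow", "udp", "10.20.0.0/16", "203.0.113.10/32", 10000, 20000),
    ("allow", "udp", "10.20.0.0/24", "203.0.113.10/32", 16384, 32767),
    ("allow", "tcp", "10.20.0.0/24", "203.0.113.10/32", 5500, 65000),  # wrong protocol
]


def uncovered(rules, src, dst, proto="udp", wanted=RTP_RANGE):
    """Return the port sub-ranges of `wanted` that no allow rule permits from src to dst."""
    spans = sorted(
        (lo, hi)
        for action, p, s, d, lo, hi in rules
        if action == "allow" and p == proto
        and src.subnet_of(ip_network(s)) and dst.subnet_of(ip_network(d))
    )
    gaps, cursor = [], wanted[0]
    for lo, hi in spans:
        if lo > wanted[1]:
            break
        if lo > cursor:                 # hole between the covered part and this rule
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= wanted[1]:             # tail of the range left unopened
        gaps.append((cursor, wanted[1]))
    return gaps


def audit(rules=RULES):
    """Report missing UDP ports for each direction of the media path."""
    return {
        "orchestrator->endpoints": uncovered(rules, ORCHESTRATOR, ENDPOINTS),
        "endpoints->orchestrator": uncovered(rules, ENDPOINTS, ORCHESTRATOR),
    }


if __name__ == "__main__":
    for direction, gaps in audit().items():
        print(direction, "OK" if not gaps else f"missing UDP ports: {gaps}")
```
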


If a customer firewall is placed in front of a 46 Labs voice firewall or media gateway deployed on the customer premises, the firewall must permit all 46 Labs management traffic (e.g. SSH, SNMP, SYSLOG, TFTP, FTP, SCP, ICMP, etc.) between the 46 Labs managed device and the 46 Labs management network. All 46 Labs SLAs are void if a firewall not managed by 46 Labs prevents access to the 46 Labs managed devices.


Recommendations

46 Labs recommends deploying 46 Labs voice firewalls in parallel with any customer firewall.  

46 Labs recommends connecting 46 Labs media gateways (if required) directly to the 46 Labs voice firewall.



