Remote IP Phone Security with Firewalls

A remote phone deployment in branch offices or work-at-home employees is completely different than SIP trunking. Remote phones are dynamic in location, and require significantly more calling features. Remote phones cannot be considered as peers, as phones register for services and change IP addresses often, across multiple devices and locations.

Remote phones require automatic provisioning with file servers and possibly require web access and REST API access to the IP‑PBX. The interconnectivity between remote phones and a IP‑PBX is complicated with many communication requirements.

The application of security solutions involves providing a firewall solution that is used to define the remote phone to IP‑PBX relationship between various networks using VoIP application layers, file provisioning, and other services, while ensuring signaling and media are secure. Meanwhile, remote phones most often are located behind other firewalls, presenting additional communication issues.

Security Best Practices

In this example, the IP‑PBX resides behind a typical network firewall. The Firewall is the border element between the Internet (or untrusted network zones) and Local Area Networks (or trusted zones). The remote phone is located on a remote network across the Internet. The firewall is monitoring network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Security Best Practices

Firewall Features & Setup

The firewall controls the traffic by redirecting SIP signaling and audio media streams to the defined destinations. In this solution, the firewall is controlling communications for allowing SIP VoIP traffic from remote phones to be directed to the IP‑PBX.

If you enjoyed this blog, and would like to learn more about Security Best Practices for VoIP, download our whitepaper here: sangoma.com/voip-security-best-practices/