[asterisk-users] Asterisk Behind Firewall

[IPN Comm]

I have a /29 to use for the network.

My immediate go-to set-up will be to put the asterisk server on a public IP
off the /29 and harden the IPtables along with other monitoring scripts and
lock down methods. Then add the router on a different /29 IP and have all
the phones register through the router to the public asterisk server and
limit only registrations from that router's IP address.

I then would add the three trunks I need such as inbound/outbound,
international, and 911 to the asterisk box

However, I do think this is best practices. It is my understanding to move
the asterisk box behind a router/firewall and have the phones on the same
subnet of the asterisk box. Then the router/firewall will do the trunking
to the vendors.

I dont know which is best nor do I know the hardware for the
router/firewall device.

On Mon, Jan 4, 2016 at 1:31 PM, Ron Wheeler <rwheeler at artifact-software.com>
wrote:

> Both work.
> If you have enough IP addresses to dedicate one to your Asterisk server,
> that removes one node in the path from the world.
> You will need a firewall on the Asterisk server to protect it from outside
> meddling.
> If you can put the Asterisk server on the same network as the SIP devices
> (using a second NIC) that should help performance.
>
> Is the SIP network on the same network as your internet/data LAN?
>
> Ron
>
>
> On 04/01/2016 1:15 PM, IPN Comm wrote:
>
> I was wondering if anyone can give me any pointers or insights of whether
> or not to have an asterisk server behind a firewall.
>
> I have always ran Asterisk on a public IP but was wondering if I should
> move it to a local IP behind a firewall.
>
> I am looking to set up a location with 300 SIP phones.
>
> Normally, I would put the Asterisk server on one public IP and let the SIP
> phones get DHCP from a router on a different IP and they would register to
> the Public Asterisk server from that IP address.
>
> Should I move the asterisk server behind the same router?
>
> If so, how should the server be set up and what is the best
> router/firewall hardware to accomplish this environment?
>
> Thanks,
> -H
>
>
>
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: rwheeler at artifact-software.com
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>                http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20160105/d54c44af/attachment.html>