[asterisk-users] Which router/firewall would you use for a virtual-PBX Asterisk installation?

jg webaccounts173 at jgoettgens.de
Fri Nov 20 14:59:18 CST 2015


> Hi everyone.
>
> We've got a fairly large base of customers who use our Asterisk server for phone service in a 
> virtual PBX kind of way, where the server is security hardened and exposed to the internet for 
> them to connect to remotely with SIP and IAX. It's certainly not the sort of affair where 
> we're running it as a PBX just within the building. As a result, we see network traffic coming 
> through eth0 between 512 Kbps and about 3.0 Mbps, depending on the time of day.
>
> We haven't so far been using a hardware firewall/router on our server network, but it's 
> becoming increasingly clear that we need to. We have enough experience to know that Asterisk 
> is pretty sensitive when it comes to network hardware in our situation - we've had to replace 
> one otherwise perfectly good 100 Mbps network switch because it simply wasn't able to keep up 
> with the amount of streaming audio we put through it, and it badly affected voice quality. We 
> have other traffic flowing through our server network too, including a significant amount of 
> e-mail and web traffic, although that's not quite as sensitive to the quality of our network 
> hardware.
>
> If you've got these large requirements for Asterisk, I'd love to hear what you use for a 
> router, and whether that router has met your needs. It would also be nice to hear about what 
> kinds of routers to avoid that you may have tried in the past and found lacking.
>
I am working at a scale of about 10 Mbps and I am using customized pfSense setups. Essentially, 
I am also using Asterisk as a session border controller as part of the router/firewall. I am 
using a multi step procedure to keep unwanted traffic away from the application software, which 
includes geo IP filtering and blocking based on Snort alarms. So far I haven't seen the 
necessity to block anything based on Asterisk logs, but I'll plan to add that feature to 
pfBlockeNG as a custom IPv4 (and IPv6) list.

It's too early for recommendations or public demo software, but I am planning to add my SBC to 
pfSense 2.3 superseding the current Asterisk package. If necessary, pfSense allows for traffic 
shaping and a couple of other neat feature, that are usually not part of small firewalls.

jg



More information about the asterisk-users mailing list