Security Best Practices to Permit RTP from any address while using public IP
I’m using a wholesale SIP service with an Adtran 916e to connect through the PRI interface to a ShoreTel system. I can make outbound calls, the calls connect, and the remote party can hear the user from the ShoreTel, but the user cannot hear the remote party.
My provider said they do not anchor media, and that I will need to permit RTP from any address. How can I best do this while also properly securing my device?
This post, "Allow RTP/UDP Ports For Any IP", indicates that I should leave my firewall disabled. That seems counterintuitive to me. My intention was to use an ACL and permit only the RTP port range. Why would I disable the firewall on a device using a public IP? What am I missing here?