VoIP Firewall Rules for Incoming Traffic

Forum|Forum|12 years ago
August 22, 2013
3 replies
4309 views

We are getting ready to switch over to VoIP and I have received a phone to test with, before deploying the solution to our organization. If I put a firewall policy in place to block all inbound traffic from the WAN (internet) to our new VoIP subnet, the phone still works as it should. Why is that? The packet count for the policy stays at 0 wether I allow traffic or deny it, so that tells me that the policy is never traversed. I thought I would have to allow traffic out to the WAN from our VoIP subnet, but also allow traffic from the WAN to our VoIP subnet, but the later seems to have no effect as the phone works with just letting the traffic out to the WAN regardless of the incoming setting. Is this normal behavior?

abelio

SuperUser

Hi Brian, there is a misunderstanding I guess; unless you enable it, traffic from the internet is denied by default What is relevant here is the direction of the session. Your phone initiates the session to outside, same firewall policy take care about the traffic to/from your phone. Nobody is initiating sessions from the outside. regards

OSUBrianAuthor

New Member

Abel, Thank you for the response. I guess my confusion revolves around incoming calls from the WAN (someone from the outside calling us). These calls originate from outside of our network, but somehow can still get to our phones inside the LAN when there are no incoming firewall policies in place (only outgoing). How does that happen. We do still have the Implicit deny all from the Internet policy in place.

Sahil

New Member

Dear all, Can anyone help with the technical comparison of Fortigate 800C with Cyberoam 1500ia.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded