Just installed our SG 210 and have our dedicated gig POE switch for phones hooked up to Eth5 on the Sophos and all is working. However, I'd like to get some feedback on a page that our provider has on their KB site about firewalls:
https://wiki.getjive.com/display/COREMAN/1.2+Firewalls
A few things caught my eye:
1. It states that we should allow all IP traffic to and from the phones to their IP ranges. That seems a bit broad and a security risk. If you look at the change log for that page, it previously used to state more specific ports, etc.
2. The part about NAT Keep-alives. Is there a way to ensure those connections aren't pruned as they state in UTM?
I currently have my VoIP network in the UTM added to the Skip transparent mode source hosts/nets as well as exceptions under ATP and IPS.
Any recommendations to change my config or any thoughts on the 2 points above?
This thread was automatically locked due to age.
