Any Firewall used must be selected, deployed, tested and managed by competent personnel to meet the needs of the IP Office deployment.

The NIST Special Publication (SP) 800-41, Guidelines on Firewalls and Firewall Policy: http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf provides background information, including other helpful resources.

Only the absolute minimum of Firewall ports and protocols should be opened for use with IP Office. For example set only the port direction and protocol needed.

The relevant IP Office port matrix for each release must be used. A link to the port matrix document is located on the Avaya Product Security page at https://support.avaya.com/security.

Firewall guidelines:

• If a remote IP address is static – an ITSP SIP trunk for example – the source address should be configured to constrain the access further.

• IP Office unsecure ports/protocols should never be exposed to the Internet.

• If using a stateful Firewall, H.323 and SIP inspection should be turned off as this will interfere with IP Office operation.