Configuring the Firewall Rules on AudioCodes SBC for Microsoft Teams
Introductions
A few years ago, I wrote a blog on configuring the firewall on an AudioCodes Session Border Controller (SBC). That article covered the rules needed by one of our clients for a Session Border Controller with connections to:
At the time of the writing of the original article, Microsoft Teams Direct Routing was not even available. This blog is an update to the original focusing on the rules needed in a Microsoft Teams Direct Routing deployment on an AudioCodes SBC with an interface to a typical SIP trunk.
Bibliography?
AudioCodes has written documents addressing security on their Session Border Controllers and Gateways. There are versions for the 7.2 and 7.4 firmware in which they discuss the importance of setting up the SBC’s firewall rules:
The AudioCodes Teams Direct Routing Configuration guides contain the rules needed for an integration with Teams Direct Routing. These guides apply to both firmware versions 7.2 and 7.4:
Firewall Rule Guidelines
The instructions for adding firewall rules to an AudioCodes SBC can be found in the latest version of the SBC’s user manuals. These manuals can be found in the “Library” on the AudioCodes web site. There are a few items to note about the SBC firewall:
Adding Firewall Rules to the SBC
Before adding firewall rules to your SBC, backup it’s configuration file! If you accidentally lock yourself out of the SBC with a blocking rule, you will thank me for this piece of advice!
From the SBC’s web interface:
The form is split into three (3) sections:
Typical Rules for an SBC with Teams Direct Routing
In the AudioCodes Teams Direct Routing configuration guides, they have firewall rules that permit inbound traffic from:
The Security Guidelines documents include a rule to block ICMP traffic on all interfaces.
Following our Security mantras:
We can add some additional rules to further harden the SBC:
Now we can see what a typical starter set of rules might look like for an AudioCodes Teams Direct Routing SBC (some IP addresses are fictional):
Summary
Cloud Solutions Architect - Enabling Technologies
Last updated on July 31st, 2023 at 12:58 pm