In pursuit of security I'm beginning to segment my network to put "things" outside of my core network, including my VOIP phones. I'm running pfense 2.60 on a Protectli FW4C with 4 ports, and I'm using 3 of them as follows:

Following this documentation I've allowed traffic as follows:

where RingCentral_Supernets is an alias to all the networks from Table 2.1 and PolyCom_Provisioning is an alias to the FQDNs from Table 3.2.6 for my PolyCom phone.

The good news is that my phone works, and it has the correct time. :LOL:

But am I being overly permissive with the * ports for the RingCentral_Supernets? Should I enable only the port ranges required in Table 3.2.6?

Or can we trust the entire RingCentral_Supernets?