In pursuit of security, I'm beginning to segment my network to put "things" outside of my core network, including my VoIP phones. I'm running pfSense 2.60 on a Protectli FW4C with 4 ports, and I'm using 3 of them as follows:
Following this documentation I've allowed traffic as follows:
where RingCentral_Supernets is an alias to all the networks from Table 2.1 and PolyCom_Provisioning is an alias to the FQDNs from Table 3.2.6 for my PolyCom phone.
The good news is that my phone works, and it has the correct time. :LOL:
But am I being overly permissive with the * ports for the RingCentral_Supernets? Should I enable only the port ranges required in Table 3.2.6?
Or can we trust the entire RingCentral_Supernets?