A firewall controls the incoming and outgoing network traffic based on an applied rule set and establishes a barrier between a trusted, secure LAN and/or WAN network(s) and the Internet (not secure, nor trusted).
CenturyLink recommends a LAN architecture where the voice traffic bypasses the firewall, as shown below:
If a firewall feature is configured, it must allow the following traffic to pass. The IP address of the CenturyLink session border controller (SBC) varies and can be provided by the CenturyLink provisioner working the order.
The following must be allowed between all Hosted VoIP phones and the CenturyLink SBC (in both directions):
1. Some firewalls will dynamically open and close UDP ports for RTP and control signaling as required and do not need the entire range of UDP ports for RTP opened all the time. If the firewall is configured to build dynamic lists based on traffic that originated inside the firewall then it is not necessary to perform any configuration on the firewall.