Security best practices for external trunks

Use the following Genesys Cloud best practices to provide security for Internet-facing external trunks.

PrerequisitesClick to expand

Prevent unnecessary Internet visibility

When possible, configure internal network addresses on the network interfaces of your trunks.

Learn moreClick to expand

Obtain the internal network IP address of the server.
Click Admin.
Under Telephony, click Trunks.
Click the External Trunks tab.
Select your trunk.
Under Outbound – SIP Servers or Proxies, enter the IP address for your SIP server or intermediate proxy, and click plus .

Notes:

The inbound listen port is used by default. If you want use another port number, enter that port number in the Port field.
IP addresses added to the Outbound – SIP Servers or Proxies section are automatically placed on the SIP Access Control Allow list.

Click Save External Trunk.

Configure an External SIP trunk with a non-default port

Do not use the common default port of 5060 for your trunk. Configure an alternate port. Confirm with your provider that the alternate port is available.

Learn moreClick to expand

Configure the Access Control List (ACL) to allow only specific SIP traffic sources

The SIP Access Control List (ACL) applies to inbound SIP trunk calls only.

Learn moreClick to expand

1. Click Admin.
2. Under Telephony, click Trunks.
3. Click the External Trunks tab.
4. Select your trunk.
5. Under SIP Access Control, do the following:
- - If you are configuring an external SIP trunk, you’ll set Use Source Address to Yes.
    Note: If you are configuring a BYOC Carrier or BYOC PBX trunk, the Use Source Address setting does not appear.
  - To allow an address, enter it in the box under Allow the Following Addresses, and click plus .
  - To deny an address, enter it in the box under Always Deny the Following Addresses, and click plus .
1. At the bottom of the page, click the Save External Trunk button.

[NEXT] Was this article helpful?

Get user feedback about articles.