I have a customer that are using softphones and are connected by a the SD-WAN., but all other Voip services are on the cloud inc PABX and external SIP connections and they want to use local breakout.
Phone to Phone traffic no firewalls (SD-WAN)
Voip Services in the cloud (Meraki firewall )
I have concerns regarding the Meraki firewall allowing inbound connections to the Phones from the VOIP Provider as Meraki only seem to allow Port forwarding or 1 to many NAT.
The Meraki firewalls are Stateful, but I have concerns with the Inbound traffic if no state is generated by the client first.
I have seen other VOIP cloud providers that are working fine with only outbound firewall rules and no inbound port forwarding.
Does Meraki work some Magic to allow traffic generated from the Cloud?
How are inbound connections handled? The MX is a stateful firewall, so most inbound communication will only be allowed as a response to an established outbound conversation. Inbound communication can be explicitly allowed by means of port forwarding or 1:1 NAT/1:Many NAT rules, whereby a specific internal device is associated with a public port/IP. When considering how to implement a VoIP solution, it is important to note who will be initiating what communication; if an internal phone initiates a connection to an external PBX, the stateful firewall will allow the PBX's response back into the network. However, if an external PBX attempts to initiate a connection to an internal phone, it will be blocked unless there is a port forwarding or NAT rule allowing that communication. For more information on port forwarding and NAT rules on the MX, please refer to the following articles: