Hello, I am in charge of running a 3CX PBX (16 SC Pro) for an office of about 10-15 people. We use nexVortex as our SIP provider, and an ASA 5505 Sec+ (9.2) as our firewall. Our former 3CX partner setup our ASA to allow any traffic on 5000, 5060, 9000-9049 to be forwarded to our 3CX server. We have desk phones that are in the office, but we also have remote users who need to use softphones while they are traveling. I have seen a lot of conflicting information on whether port 5000, 5060, and 9000-9049 should be opened on our firewall. This document (http://www.3cx.com/blog/docs/ports-used/) and many others seem to suggest that it is okay to leave 5000, 5060, and 9000-9049 open, while I have heard from many others (including a 3CX premium partner) that 5000 and 5060 should NEVER be left open. It seems to me that the way we have it setup now leaves a gaping hole in our network, and that we are running a major risk of our SIP trunk being exploited. At the same time I don’t want to close everything off and not be able to make calls. My question is what is the correct way to secure our network? Thanks!