I have a new FreePBX install with all SIP endpoints on the local network (no remote clients required). I have one SIP trunk to a provider on the Internet. I have not needed to open any inbound ports (public to private) on our hardware firewall to allow the SIP trunk to connect to our provider and function correctly. Our FreePBX has Fail2Ban enabled.
This being said, we have been seeing a few external IPs being blocked by Fail2Ban. Our hardware firewall shows external IPs trying to connect to our FreePBX on UDP port 5061.
How is this possible given that there are no ports open inbound (public to private) on our hardware firewall? Is our FreePBX sending out an invite?
Thank you in advance,