I use Voip Innovations. These pointers will work for any version of FreePBX that has an integrated firewall.
Step 1 - set up a trunk for each of the inbound IP address.
Step 2 - set up a trunk for each of the outbound IP address. If you are feeling tricky, you can combine the couple that are used for both into the same trunk.
Step 3 - set up each of the INBOUND IP addresses as “Local/Trusted” addresses in the Integrated Firewall.
Step 4 - (if you need outside connectivity for other providers or phones) - add each of these IP addresses as local/trusted addresses in your same firewall.
Step 5 - Go to your border router and port forward from VI’s specific address for your Inbound calling to port 5060.
Step 6 - (if you need outside connectivity) add each of your other provider’s/phone’s IP address to this list.
Step 7 - do these 6 steps for your other inbound SIP port (5060/5160/5062/5162) depending on which ports are being used to send you calls. Don’t get too froggy, though. I only use Chan-SIP for VI - the “no user required” thing might work with PJ-SIP, but when I tried it, it didn’t, so I just recommend to everyone that they use Chan-SIP on port 5060 (not 5160, which is where the default is).
At this point, port 5060 is only going to be seeing traffic from VI and from the other providers that will be sending you calls. DO NOT open traffic on port 5060 to anyone that isn’t sending you calls. Everything else will happen because the outbound sets up it’s own environment.
Step 8 - port forward UDP ports 10000-20000 to your PBX. NOT TCP - JUST UDP.
If you have phones that connect to the server from outside the LAN, you can use the Adaptive Firewall to receive and allow/deny calls from outside the network. Note that this is only true iof yo don’t know what the IP addresses are going to be - if you know the IP address of everything that is establishing a connect TO your phone server, you can use the standard Integrated Firewall and skip the Adaptive Firewall altogether.
The important parts with VI are that they will send you traffic from literally any of the half dozen sources they tell you they are using. Also, double check the addresses, a couple of them are deceptively similar.
Note that I run a NetBSD server as my firewall in front of my phone systems - I allow anything from VI’s half dozen specific IP addresses on any port, and port forward a few pertinent ports through the NAT firewall to the PBX.