SIP Port Forwarding

The nuts and bolts of SIP are complicated, but put simply: SIP session negotiation takes place over the signalling port (default 5060) and the audio (more correctly, the ‘media’) goes over a random pair of ports in the RTP port range (default 10k-20k). It’s quite common for providers to do SIP signalling and SIP media from different hosts, and some providers have many media servers. So imagine what happens when a SIP session is negotiated through a NAT router, but the audio appears from a different port range and from a different server. Unless the router is configured for this scenario, you will experience zero-way or one-way audio on the call, probably the most frequent troubleshooting question asked here in this forum.

Whether or not your provider proxies media through their signalling server is the main determining factor in whether you need port forwarding in place. It also depends on the router’s implementation of NAT. Some routers have a SIP ALG that is intended to correct for this, but it seems like most ALGs do more harm than good, at least for Asterisk. You will find some who boldly claim port forwarding is never required. Virtually every SIP provider will claim the opposite. They are both arguing from experience.

In support we run into all the fun edge cases. When the router is not port forwarding media, we see cases when inbound audio on calls is lost until the PBX first sends outbound audio to establish a media path through the NAT router. This is irrelevant for 99.9% of use cases, but there are automated call scenarios (DISA, Broadcasting, FMFM to external DIDs, etc.) where there is no audio outbound from the server (or at least not initially) and so therefore inbound media (including DTMF) won’t work either. There is a little test I do from the Asterisk CLI when I suspect this might be a problem:

channel originate local/xxxxxxxxxx@from-internal application echo

Replace the x’s with a test DID and call yourself. You should be able to hear your own voice echoed back when you answer, but in (at least some) cases when the PBX is behind NAT and media ports are not forwarded, the audio is broken.

Long story short, do what works for you. If all is fine without port forwarding, then do it. If at any future point you experience one-way or zero-way audio, you will need to revisit this decision.

Edit: In the following post, Greg brings up an important point: all of the above refers specifically to trunks that register to a SIP provider. If you are not using registration then you MUST ALWAYS port forward all SIP signalling and media ports without exception.

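A toy model of the NAT behaviour described in the post above, added here as an illustration and not part of the original post or of Asterisk/FreePBX. It assumes a port-preserving router that only admits inbound packets from a peer the PBX has already sent to (real routers vary); the addresses, the media port and the function names are constructed for the example.

```python
# Constructed model: addresses and ports below are sample values, not from the post.
SIGNALLING = ("198.51.100.10", 5060)   # provider's SIP signalling host
MEDIA = ("203.0.113.20", 14002)        # provider's separate media server
PBX_RTP = 12000                        # RTP port the PBX offered for this call

class NatRouter:
    """Port-preserving NAT with address-and-port-dependent filtering (assumption)."""

    def __init__(self, forwarded_ports=()):
        self.forwarded = set(forwarded_ports)  # static port forwards to the PBX
        self.pinholes = set()                  # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote):
        # A packet leaving the PBX opens a pinhole for replies from that peer only.
        self.pinholes.add((local_port, *remote))

    def inbound(self, dst_port, remote):
        # Delivered if it matches a pinhole or a static forward, otherwise dropped.
        return (dst_port, *remote) in self.pinholes or dst_port in self.forwarded


def simulate_call(registered, forwarded_ports=()):
    """Inbound call where the PBX sends no audio at first (the DISA-style case)."""
    nat = NatRouter(forwarded_ports)
    if registered:
        nat.outbound(5060, SIGNALLING)         # REGISTER opens the signalling pinhole
    if not nat.inbound(5060, SIGNALLING):      # INVITE never reaches the PBX
        return {"invite": False, "audio_before_pbx_sends": False,
                "audio_after_pbx_sends": False}
    result = {"invite": True}
    # Caller audio arrives from the media server before the PBX has sent any RTP.
    result["audio_before_pbx_sends"] = nat.inbound(PBX_RTP, MEDIA)
    nat.outbound(PBX_RTP, MEDIA)               # PBX sends its first RTP packet
    result["audio_after_pbx_sends"] = nat.inbound(PBX_RTP, MEDIA)
    return result


if __name__ == "__main__":
    rtp = range(10000, 20001)                  # default RTP range named in the post
    cases = {
        "registered, no forwards": simulate_call(True),
        "registered, RTP forwarded": simulate_call(True, rtp),
        "unregistered, no forwards": simulate_call(False),
        "unregistered, SIP+RTP forwarded": simulate_call(False, [5060, *rtp]),
    }
    for name, outcome in cases.items():
        print(f"{name:32} {outcome}")
```

The first case reproduces the symptom the echo test looks for: signalling works, but inbound media is dropped until the PBX itself sends audio.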