I would like to setup an IPO so that J179's at users homes will connect to it over the Internet. In the past I've used VPN featureset on the older handsets but since the J179's running SIP don't do that I think my only option is to use TLS and connect directly. I've configured the phones to pull their configs prior to shipping them so I was only going to open SIP ports (5061 and UDP range) inbound to the IPO for the phones to connect. Are there other ports they should need for normal voice comms?
I have configured the extensions with unique passwords and set the pw policy to 8 chars, medium complexity, lockout on 3rd attempt. What else can I do to secure the system? Does anyone have any suggestions on better ways to do this? I am just trying to sanity check myself before deploying something accessible over the Internet.