So it's a simple question. Boss's got a dedicated line for SIP service.

We have mitel servers (which have a firewall built into it) So I dont know a huge amount about SIP. But mitel and sip provider is saying to patch it directly to the mitel controller. No security issues since the only their endpoint and ours on the sip connection.

So essentially their saying to skip even plugging it into the palo and have it go direct.

I'm more on the side of, I have no idea what their doing and trust the ISP and Mitel even less.. so Is anyone is skipping the paloalto for their SIP? And if not anything in particular I should do to keep it going as fast as possible? I mean it is phone calls. And this is a pa1410 in HA. Running at maybe 12%

Edit: So I had a thought I could put the mitel server internal interface in a DMZ? I guess but plug the sip directly into it.. so in case that server got hacked somehow it'd still need to go through the palo