I'm not the security guy here, we typically outsource that. However, I was asked by our phone provider to provide a VM to install our new VoIP system on and give it a public IP Address directly on the internet and not routed through a local address. I can do that, but we would need to rely on the VoIP system (linus based) to maintain it's own security. Would it be possible with Pfsense or Sophos UTM/XG to have the public IP Address passed through it to the VM but block specific ports or even country block or other firewall rules?
Thanks
Pete