Those that are running Suricata IDS/IPS on your DMZ-PBX, what are some of the rules you choose other than Suricata’s emerging-voip rules or Snort’s protocol-voip and Snort’s subscriber voip rules? Research suggests security problems voip faces are malware, voip phishing, DoS or MITM, etc.
I have a pfSense DMZ-PBX setup and have been using Suricata for about four years on pfSense.