Just had a few issues with my system coming under attack and I only has port 5060 (now moved to an off standard solution) exposed with the required RTP ports to the internet.
I assume your standard
is then supported through forwarding and firewall entries in your router? why would you want to expose the PBX to any more security risk than necessary?