ACLs are supported for the SIP signaling protocol. The Communications Broker loads ACLs so they are applied when signaling ports are loaded. The following rules apply to static NAT entries based on your configuration:

• If there are no ACLs applied to a realm that have the same configured trust level as that realm, the Communications Broker adds a default NAT entry using the realm parameters.
• If you configure a realm with none as its trust level and you have configured ACLs, the Communications Broker only applies the ACLs.
• If you set a trust level for the ACL that is lower than the one you set for the realm, the Communications Broker will not add a separate NAT entry for the ACL.

ACLs provide access control based on destination addresses when you configure destination addresses as a way to filter traffic. You can set up a list of access control exceptions based on the source or the destination of the traffic.

For dynamic ACLs based on the promotion and demotion of endpoints, the rules of the matching ACL are applied.