If all you want is remote access to DB programming and live monitoring do you only one those two ports? And is it still a good idea to limit the IPs that have access
For most installation, we do a port forward of 44000 and 8443 to the Mitel 5000... and change the SSL port of the 5000 to 8443. The only exception being if they actually use the web interface of the 5000, then the solution varies by need. The SSH port is only port forwarded if we can restrict the IP range from our corporate subnets, but in general we don't open that port.
Unless changed, the system needs these ports for remote access (not phones)
44000/TCP - DB Studio, this is the only port needed for programming. Completely safe to leave open to the public, assuming you have a reasonably complex password.
443/TCP - Used by System Admin & Diagnostics and web page (https), this is often remapped to 8443 for security reasons. Remember to change it in connection settings, you have to enable Show Ports in advanced settings. It is generally safe to leave 8443 open to the public but has some potential security risks (although as long as your passwords are reasonably complex, it is relatively safe to leave open). Without this you cannot get advanced monitoring but still can get SMDR, backups, system output (not logs) since they use 44000/TCP. Port 443 can be safely forwarded if you can restict it's access to a certain IP range(s)
22/TCP - used for SSH connections, in open "port forwarding" situations it is a door for hackers and it should be left open unless it can be restricted to only certain IP addresses (like your corporate public IP range). In general, if you need to access this tool, you should be onsite or for the occasional thing you can take control of remote users PC with something Teamviewer and use portable putty if you can't install the full version due to domain security.
