NEVER assign a public IP address to the IP Office

If it needs to be accessible for remote phones, or remote administration, use your firewall to NAT traffic from whitelisted IPs only, change all passwords, disable accounts that are not needed, use different ports for SIP, use strong passwords for phone login codes, set security to log and disable for repeated login attempts, etc.

https://downloads.avaya.com/css/P8/documents/101028353