Any way to have a secure autocreatepeer?

Hi all, quick question…I am using autocreatepeer to get asterisk to work with SER
without having to specify each UA in sip.conf and in ser separately.
2 questions:

  1. Obviously this is not very secure because anyone can bypass the SER
    and register themselves as a peer with the asterisk. Assuming i block
    incoming requests on the port asterisk is running SIP on (excluding
    requests from the SER, of course) does this adequately protect the
    server from unauthorized users or is there something else to do?

  2. According to the wiki the autocreatepeer creates peers based on the
    global variables. some variables, like dtmfmode, for example, are listed as
    belonging to individual peers. if i set dtmfmode, or qualify, or any of the
    others listed as individual variables, in [general] will the autocreatepeer
    use them?

And, of course, if i’m missing something basic conceptually, i’d be
grateful if someone could point that out to me as well. :unamused:

any help is appreciated…
tks Andrew