As it is right now I block all STUN traffic. However there is a legitimate use case for it. What is the recommended secure way to handle STUN traffic. Can it be man in the middle-ed like SSL or are there other options to securely inspect the traffic?
I allow STUN for Skype for business online. I set it up with a verified whitelist if IPs for the destination list, that I get off Microsoft’s website. You can try adding IP ranges or ports for source/destination to secure it without allowing everything.