On recent FreePBX video Tom release;
FreePBX One Year Follow up Review and The Phones We Use: Yealink YEA-W56P & Zoiper
my mind blown away when he said that no port forwarding needed. that is possible to deal only NAT when your FreePBX behind firewall (pfSense). I would like to know if there specific need to change on pfSense to able achieve this ?
As I stated in the video, no changes are needed in pfsense.
even on NAT Setting? I believe, I watched one of your pfSense video that you like your NAT settings to be on Hybrid NAT, rather than Automatic NAT which is default on pfSense.
I assume you use Siproxd - Proxy for handling NAT of multiple SIP devices to a single public IP ?
…
I see from the video you do not. Because you always have a control connection (on 5060/udp) from the local FreePBX server out and open to you upstream VoIP provider. And your VoIP provider can tell your local FreePBX server (through the control connection) to open a data connection out through pfSense firewall (No need for port-forwards) when a call arrives. (The concept seems similar to FTP data+control connections with 20+21/tcp)
Is that correctly understood.
…
Guess it is. 
Hybrid NAT is used for custom VPN and outgoing settings, not for FreePBX