SIP

Configuring Firewall Mikrotik. Remote registration of SIP accounts. What ports to open?

Good afternoon, dear experts!
The situation is as follows:
Network A 192.168.0.0/24. It has IP PBX MyPBX 192.168.0.150
Network B 192.168.7.0/24. It has an IP phone GrandStream 192.168.7.152.
Registration on the PBX is configured via UDP port 40011.
The networks are connected via VPN PPTP, the routes are configured both on Mikrotik and on the PBX.
Added allow rule for Firewall

add action=accept chain=forward comment="allow SIP registration" dst-address=192.168.0.150 dst-port=40011 protocol=udp

The problem is this: the SIP account from the phone is not registered on the PBX. If you disable the rule that prohibits everything that is not allowed on Mikrotik in network A, then registration passes.
I tried to sniff traffic through WinBox (Tools -> Packet Sniffer) on a microtic from network A. All I see is that the phone is trying to reach the PBX exactly on port 40011.
How else can I check which ports need to be opened for registration?