From your VOIP vendor website or contact, get a list of required communication protocols/ports and ip addresses.
In the SRX web interface go to
Security > Security Policy
Change the zones from trust to untrust
Select and edit the existing allow all outbound rule to use the list of protocols/ports and ip addresses from your vendor instead.
Save these changes and on the top menu choose:
actiions > commit
Now the only traffic outbound permitted is what is needed by the VOIP system no other communications will work.