Network
The PBX is connected to a local network and receives the IP address that is also used to access the integrated web server for configuration.
It is possible to set up two networks with different IP address ranges.
Further help under Network interface (second)Using the network, configuration data provided by the PBX is tranferred to the connected IP telephones and DECT base stations.
Further help under ProvisioningIn order to be able to securely connect remote devices to the PBX, the PBX offers an integrated OpenVPN server.
Further help under VPNFor a CTI solution, the PBX can be connected to a local network existing of CTI server and CTI clients.
Further help under LAN TAPIMinimum requirements, basic facilities
For initial commissioning, the IP address must be assigned via DHCP (standard setting of most routers). Once the system has been commissioned, this DHCP configuration can be adapted to the network’s requirements. The following minimum requirements must be taken into account:
The basic setup requires at least a valid IPv4 configuration, including an IP address, subnet, DNS server, gateway and default internet route.
•Configuring the IPv4 address and subnet.
−Network > Interfaces > IPv4 > Mode/Global/Prefix
•Configuring gateway and standard internet route.
−Network > Routing > DHCP default gateway > IPv4
•Configuring and testing DNS server.
−Network > DNS
Firewall releases for Auerswald services
If an existing firewall blocks the communication paths of the PBX to the Internet, releases must be granted for the following addresses and ports. Otherwise, it is not possible to use the associated services and thus the correct functioning of the PBX.
For the provisioning and proxy service (COMfortel SoftPhone / COMtrexx Control Center) and for certain requests when synchronising with a Google account, the COMtrexx and the COMfortel SoftPhone 2 require access to the Auerproxy server.
Detailed information on the recommended firewall setup can be found in the Auerswald DokuWikiFurther help under SoftphonesFurther help under External accessFurther help under Contacts/LDAPFor a regular license synchronisation, the COMtrexx requires Internet access with access to the CIC and the Voucher Center. Without this synchronisation, the COMtrexx is set back to its initial state.
CIC (COMtrexx Initialisation Center) | ||
|---|---|---|
URL | IP address | Port |
cic.auerswald.de | 81.14.169.81 | 443 |
Voucher Center | ||
|---|---|---|
URL | IP address | Port |
vouchercenter.auerswald.de | 81.14.169.81 | 443 |
Further help under LicencesFor the update service, the COMtrexx requires access to the update server.
update server | ||
|---|---|---|
URL | IP address | Ports |
update.auerswald.de | 81.14.169.81 | 80 443 |
Further help under Firmware UpdateProtection against attacks through Fail2ban (IP block- and allowlist)
The PBX is protected against attacks from the network by Fail2ban. Fail2ban is software that monitors log files and searches them for predefined patterns.
If traffic from a particular IP address is judged as being too high - and therefore, probably malicious - this IP address is blocked. This means that access from this IP address to a service of the PBX is initially prevented for ten minutes (blocking time).
The blocked IP address is entered in the IP blocklist for the blocking time.
The PBX informs by means of a system message about:
•System events detected by Fail2ban
•Blocks triggered by Fail2ban
Further help under System messagesYou as the administrator must then set up suitable measures to protect the PBX within your infrastructure (e.g. via routers, bridges).
Remember that it depends on many factors whether an access is considered an attack. Even repeated »mistyping« when entering the password or a configuration error can lead to an entry in the IP blocklist.
If it is not a malicious attack, you can delete a blocked IP address from the IP blocklist again or transfer it to the IP allowlist. The IP allowlist makes it possible to exclude certain IP addresses from blocking. Enter here, for example, the IP address of the computer with which you normally configure the PBX.
IPv6 Mode
Important: The basic setup requires at least a valid IPv4 configuration, including an IP address, subnet, DNS server, gateway and default internet route. It is possible to allocate additional IPv6 addresses, but this is not strictly necessary unless your VoIP provider requires IPv6 addresses, for example for making phone calls.Configuration
•Configuring IP addresses and subnets.
−Network > Interfaces
•Configuring gateways and routes.
−Network > Routing
•Configuring and testing DNS server.
−Network > DNS
•If required, configuring HTTP proxy.
−Network > Proxy
•Making network settings for the integrated web server.
−Network > Server Service > Web server configuration
•Managing block- and allowlist.
−Network > Block- and allowlist
•Viewing port overview.
−Network > Ports