If an existing firewall blocks the communication paths of the PBX to the Internet, the following addresses and ports must be released. Otherwise, the associated services cannot be used and the PBX will not function correctly.
For regular license synchronisation, the COMtrexx requires Internet access to the CIC and the Voucher Center. Without this synchronisation, the COMtrexx is reset to its initial state.
For the provisioning and proxy service (COMfortel SoftPhone / COMtrexx Control Center) and for certain requests when synchronising with a Google account, the COMtrexx and the COMfortel SoftPhones require access to the Auerproxy server.
Auerproxy server addresses (from the point of view of the COMtrexx)
URL: proxy.auerproxy.de
IPv4 addresses: 217.160.243.101, 217.160.53.117, 82.165.222.120, 51.195.61.214, 62.141.42.112
IPv6 addresses: 2a01:239:2c1:d700::1, 2001:8d8:1800:853c::1, 2001:8d8:1801:85f1::1, 2001:41d0:700:43d6::1, 2001:4ba0:fff1:5b::1
Auerproxy server addresses (from the point of view of the COMfortel SoftPhone)
URL: proxy.auerproxy.de
IPv4 addresses: 217.160.243.231, 217.160.145.158, 82.165.223.124, 51.38.111.71, 5.199.139.211
IPv6 addresses: 2a01:239:2c1:d700::2, 2001:8d8:1800:853c::2, 2001:8d8:1801:85f1::2, 2001:41d0:700:43d6::2, 2001:4ba0:fff1:5b::2
Auerproxy server ports
TCP           UDP           Use
10000-65535   10000-65535   RTP/SRTP
3478/3479     3478/3479     STUN
4433          -             Provisioning
443           -             HTTPS
5060/5061     5060/5061     SIP/SIPS
53            53            DNS
80            -             HTTP (HTTPS is enforced)
843           -             COMtrexx Control Center / COMfortel SoftPhone 2 for API access / Google Sync Token
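An added example, not part of the original page or of the vendor's software: a Python check that scans firewall drop-log lines for flows which the COMtrexx-view address table and the port table above say must be released, so a missing firewall rule shows up by its use. The log line format, the names SERVERS, PORTS, required_use and missing_releases, and the sample lines are assumptions made for this illustration; "3478/3479" and "5060/5061" are read as both ports.

```python
import ipaddress
import re

# Auerproxy addresses copied from the page's COMtrexx-view table.
SERVERS = {ipaddress.ip_address(a) for a in (
    "217.160.243.101 217.160.53.117 82.165.222.120 51.195.61.214 "
    "62.141.42.112 2a01:239:2c1:d700::1 2001:8d8:1800:853c::1 "
    "2001:8d8:1801:85f1::1 2001:41d0:700:43d6::1 2001:4ba0:fff1:5b::1"
).split()}
PORTS = [  # (first port, last port, use, protocols) per row of the port table
    (10000, 65535, "RTP/SRTP", {"tcp", "udp"}),
    (3478, 3479, "STUN", {"tcp", "udp"}),
    (4433, 4433, "Provisioning", {"tcp"}),
    (443, 443, "HTTPS", {"tcp"}),
    (5060, 5061, "SIP/SIPS", {"tcp", "udp"}),
    (53, 53, "DNS", {"tcp", "udp"}),
    (80, 80, "HTTP (HTTPS is enforced)", {"tcp"}),
    (843, 843, "Control Center / SoftPhone API / Google Sync Token", {"tcp"}),
]
# Assumed log format: "DROP ... dst=<ip> proto=<tcp|udp> dport=<port>"
LINE = re.compile(r"DROP .*?dst=([0-9A-Fa-f:.]+) proto=(\w+) dport=(\d+)")


def required_use(dst, proto, port):
    """Return the table's 'Use' if this flow must be released, else None."""
    if ipaddress.ip_address(dst) in SERVERS:  # normalises IPv6 spelling
        for first, last, use, protos in PORTS:
            if proto.lower() in protos and first <= port <= last:
                return use
    return None


def missing_releases(log_lines):
    """List dropped flows that the tables say the firewall must allow."""
    found = []
    for line in log_lines:
        m = LINE.search(line)
        use = m and required_use(m[1], m[2], int(m[3]))
        if use:
            found.append((m[1], m[2].lower(), int(m[3]), use))
    return found


SAMPLE_LOG = [  # constructed lines, not real firewall output
    "DROP src=192.0.2.10 dst=217.160.243.101 proto=tcp dport=443",
    "DROP src=192.0.2.10 dst=2001:8D8:1800:853C::1 proto=udp dport=3478",
    "DROP src=192.0.2.10 dst=217.160.243.101 proto=udp dport=443",
    "DROP src=192.0.2.10 dst=198.51.100.7 proto=tcp dport=443",
]
```

Running missing_releases(SAMPLE_LOG) reports the first two lines only: UDP 443 is not in the port table and 198.51.100.7 is not an Auerproxy address. For a firewall in front of SoftPhone clients, fill SERVERS from the SoftPhone-view table instead.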
Protection against attacks through Fail2ban (IP block- and allowlist)
The PBX is protected against attacks from the network by Fail2ban. Fail2ban is software that monitors log files and searches them for predefined patterns.
If traffic from a particular IP address is judged to be too high, and therefore probably malicious, this IP address is blocked. This means that access from this IP address to a service of the PBX is initially prevented for ten minutes (blocking time).
The blocked IP address is entered in the IP blocklist for the blocking time.
The PBX informs by means of a system message about:
You as the administrator must then set up suitable measures to protect the PBX within your infrastructure (e.g. via routers, bridges).
Remember that it depends on many factors whether an access is considered an attack. Even repeated »mistyping« when entering the password or a configuration error can lead to an entry in the IP blocklist.
If it is not a malicious attack, you can delete a blocked IP address from the IP blocklist again or transfer it to the IP allowlist. The IP allowlist makes it possible to exclude certain IP addresses from blocking. Enter here, for example, the IP address of the computer with which you normally configure the PBX.
IPv6 Mode
If IPv6 is configured, an IP address complying with version 6 of the Internet protocol can be assigned to the PBX. Due to the greater length of IPv6 addresses (eight blocks with four digits each, example: 3001:00FF:ABC0:0EAC:0001:0000:0000:000F), IPv6 offers a greater number of available IP addresses than version 4 of the Internet protocol (IPv4).
Configuration
• Configuring identification data.
  − Administration > Network > IP configuration > IP configuration
• If required, configuring IPv6 of the identification data.
  − Administration > Network > IP configuration > IP configuration > IPv6 configuration >
• Configuring and testing DNS server.
  − Administration > Network > IP configuration > DNS configuration
• If required, configuring HTTP proxy.
  − Administration > Network > IP configuration > HTTP proxy configuration
• Making network settings for the integrated web server.
  − Administration > Network > Server service > Web server configuration
• Managing block- and allowlist.
  − Administration > Network > IP block- and allowlist