3CX Tunnel the Presence/log/contacts rather than 80/5000/5001

Discussion in 'Ideas' started by solutechnet, Nov 13, 2015.

  1. solutechnet

    Joined:
    Oct 7, 2009
    Messages:
    6
    Likes Received:
    0
    Having to expose onto the internet the management console of the 3CX Phone server in order to get presence/log/contacts onto the 3CX Softphone that uses a tunnel for the SIP is for us a real security flaw.

    Why couldn't 3CX tunnel also provide the presence data?
     
  2. solutechnet

    Joined:
    Oct 7, 2009
    Messages:
    6
    Likes Received:
    0
    Re: 3CX Tunnel the Presence/log/contacts rather than having to port transfer 5000/5001

    I find it amazing that by default one has to expose soo mush his system for something so basic as the softphones on mobile device.

    The management console of any server is by far the most critical item one should always access through secure vpn. Here if i just want to use the basic fonctionality of the server, i have no choice then offer to anyone in the world access to the management console, the provisioning server of my phones, the reporting server.....
     
  3. solutechnet

    Joined:
    Oct 7, 2009
    Messages:
    6
    Likes Received:
    0
    Re: 3CX Tunnel the Presence/log/contacts rather than having to port transfer 5000/5001

    How do you do that when your users are on 3G and you have no idea what their IP is going to be?
     
  4. wtrbhe

    Joined:
    Oct 9, 2015
    Messages:
    22
    Likes Received:
    0
    Re: 3CX Tunnel the Presence/log/contacts rather than having to port transfer 5000/5001

    Agree to this too.
    When using IIS, you can restrict access to the application "management" to the local network or admin ip. This is better than give access to everyone, but it won't protect all the data you can find in provision folder. And the random-named root folder will even give not more protection to this. If a cellphone with the client is in a public network and someone reads the ip-packages, getting the name of that folder is very easy ...
     
  5. Nick Galea

    Nick Galea Site Admin

    Joined:
    Jun 6, 2006
    Messages:
    1,888
    Likes Received:
    190
    In v15 this is going to be much easier to do, a few more upvotes :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Deepest

    Joined:
    Nov 9, 2012
    Messages:
    45
    Likes Received:
    0
    +1 added
     
  7. vitaminc

    Joined:
    Feb 1, 2016
    Messages:
    18
    Likes Received:
    7
    Just upgraded to V15, still no presence/contact through the tunnel?
    Had to open Port 5001 to get it working but this is no solution because of full access to the management console.
    Do i need to create a whitelist in nginx or is there any 3cx-out-of-the-box solution?