Avoid internet access

Discussion in '3CX Phone System - General' started by fber, Mar 7, 2017.

Thread Status:
Not open for further replies.
  1. fber

    Joined:
    Mar 7, 2017
    Messages:
    4
    Likes Received:
    0
    Hi!

    I am evaluating an installation of 3cx V15 together with a Snom D345. Currently I would like to provision and firmware update the phone via the PBX, but it seems to me that I have to constantly work around the requirement of public FQDN access. I want all traffic to stay completely LAN local even though phones and PBX are in different subnets (we have a huge network with branch offices connected via VPN).

    For now I was able to provision the phone from a different subnet with a SBC, however I also had to change the DNS resolution in order for the public FQDN to resolve to the internal IP address of the PBX. Now the next problem is the firmware update URL which always points to downloads.3cx.com instead of the PBX URL.

    Is there any way to force the whole infrastructure to stay local even though distributed over several networks? Allowing our phones to access the internet is simply not an option.

    Thanks!
     
  2. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,199
    Likes Received:
    79
    If you have branches and use the SBC then the phone will connect to the pbx via the public route as it/we assume you have no connection other than this to your PBX.

    If you have a VPN between both you can remove the SBC and provision the device as local lan and all connections are made (given dns resolver returns private IP addresses) local to the pbx. Drawback is that PnP provision will not work.
     
  3. fber

    Joined:
    Mar 7, 2017
    Messages:
    4
    Likes Received:
    0
    Ok, thanks for the information. But even when I use Local LAN provisioning the suggested URL points to the public FQDN. I can fix this with a DNS hack, however I don't really understand why I would want to provision via the public URL in local LAN.

    Apart from that the PBX does not seem to generate a configuration at the provided URL (http://public-fqdn:5000/provisioning/12qtlj7qogo4m6/cfg{mac}). When I replace the {mac} part with the actual MAC address, nginx returns forbidden :(.
     
  4. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,408
    Likes Received:
    282
    The link provided by the PBX depends on how you installed the system. If you used a local IP address then the link will consist of the local IP address. If you used an internal DNS and set an FQDN there then the link will consist of the local FQDN. The fact that the link is http suggests that the phone is local. For remote extensions the PBX will provide you with an https link.

    If the nginx returns forbidden then this would suggest that you are using the http link from a remote location and there is no local DNS entry to point your FQDN to the local IP address of the PBX. So you are trying to reach the PBX from the public IP and the nginx returns forbidden as it does not accept http connections from public locations.
     
    fber likes this.
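
A quick check for the split-DNS condition described in the replies above, as an added example that is not part of the thread or of 3CX's own tooling: it takes a provisioning link and the addresses the phone's resolver returns for its host, and reports whether the traffic would stay on the LAN. The hostname, path and addresses are constructed; treating only RFC 1918 ranges as "local" is an assumption.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: "local" means RFC 1918 space, as reached over the site VPN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local(ip):
    """True if ip is an RFC 1918 address."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)


def resolve(host):
    """Addresses the resolver on this machine returns for host (needs DNS)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def check_provisioning_url(url, resolved_ips):
    """Return (verdict, reason) for a provisioning link.

    resolved_ips: what the DNS server used by the phone returns for the
    host in url, e.g. the output of resolve() run from the phone's subnet.
    """
    scheme = urlsplit(url).scheme
    if not resolved_ips:
        return "fail", "host does not resolve"
    public = [ip for ip in resolved_ips if not is_local(ip)]
    if public and scheme == "http":
        return "fail", ("http link but FQDN resolves to %s; per the reply "
                        "above expect 'forbidden' until a local DNS entry "
                        "exists" % ", ".join(public))
    if public:
        return "warn", "phone would reach the PBX via %s" % ", ".join(public)
    return "ok", "FQDN resolves only to private addresses"


if __name__ == "__main__":
    # Constructed sample: same link, seen through two different resolvers.
    link = "http://pbx.example.com:5000/provisioning/EXAMPLE/cfg{mac}"
    for answer in (["203.0.113.10"], ["10.20.0.5"]):
        print(answer, check_provisioning_url(link, answer))
```

Run `resolve()` from a host in each branch subnet, against the DNS server the phones are handed by DHCP, so the result reflects what the phone itself will see.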