• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Avoid internet access

Status
Not open for further replies.

fber

Joined
Mar 7, 2017
Messages
3
Reaction score
0
Hi!

I am evaluating an installation of 3cx V15 together with a Snom D345. Currently I would like to provision and firmware update the phone via the PBX, but it seems to me that I have to constantly work around the requirement of public FQDN access. I want all traffic to stay completely LAN local even though phones and PBX are in different subnets (we have a huge network with branch offices connecte via VPN).

For now I was able to provision the phone from a different subnet with a SBC, however I also had to change the DNS resolution in order for the public FQDN to resolve to the internal IP address of the PBX. Now the next problem is the firmware update URL which always points to downloads.3cx.com instead of the PBX URL.

Is there any way to force the whole infrastructure to stay local even though distributed over several networks? Allowing our phones to access the internet is simply not an option.

Thanks!
 
If you have branches and use the SBC then the phone will connect to the pbx via the public route as it/we assume you have no connection other then this to your PBX.

If you have an VPN between both you can remove the SBC and provision the device as local lan and all connections are made (given dns resolver returns private IP addresses) local to the pbx. Drawback is that PnP provision will not work.
 
If you have branches and use the SBC then the phone will connect to the pbx via the public route as it/we assume you have no connection other then this to your PBX.

If you have an VPN between both you can remove the SBC and provision the device as local lan and all connections are made (given dns resolver returns private IP addresses) local to the pbx. Drawback is that PnP provision will not work.

Ok, thanks for the information. But even when I use Local LAN provisioning the suggested URL points to the public FQDN. I can fix this with a DNS hack, however I don't really understand why I would want to provision via the public URL in local LAN.

Apart from that the PBX does not seem to generate a configuration at the provided URL (http://public-fqdn:5000/provisioning/12qtlj7qogo4m6/cfg{mac}). When I replace the {mac} part with the actual MAC address, nginx returns forbidden :(.
 
The link provided by the PBX depends on how you installed the system. If you used local IP address then the link will consist of the local IP address. If you used an internal DNS and set an FQDN there then the link will consist of the local FQDN. The fact that the link is http suggests that the phone is local. For remote extensions the PBX will provide you with an https link.

If the nginx returns forbidden then this would suggest that you are using the http link from a remote location and there in no local DNS entry to point your FQDN to the local IP address of the PBX. So you are trying to reach the PBX from the public IP and the nginx returns forbidden as it does not accept http connections from public locations.
 
  • Like
Reactions: fber
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,635
Messages
748,985
Members
144,753
Latest member
ChristianNetron
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.