• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Block WAN 3CX GUI access

CamiloF

Silver Partner
Joined
Jul 2, 2018
Messages
3
Reaction score
1
Hello,

I would like the ability to block access to the GUI from outside the network (when 3CX is on premise). Today, port 5001 is shared with other features that we would like to keep enable (don't want to just block port 5001 in my firewall).

Thanks

Camilo
 
Upvote 16
You can add some firewall rules to deal with that, if you wan't to block everything outside your LAN.

But you hit a very import port, access to the management console only from LAN, specifiy IP range or interface (if you have more than one) would be awesome. The webclient is needed for remote user, sure. But the management console? Not really, just a possible security issue.


Regards
 
You can add some firewall rules to deal with that, if you wan't to block everything outside your LAN.

But you hit a very import port, access to the management console only from LAN, specifiy IP range or interface (if you have more than one) would be awesome. The webclient is needed for remote user, sure. But the management console? Not really, just a possible security issue.


Regards

I agree, I can block access to port 5001/443 from the outside, but other features are blocked together with it. A solution I can see is not having all these features together in port 5001:
3CX client, Bridge Presence, Remote IP Phones from outside your LAN and 3CX WebMeeting functionality.
 
+1
All my remote users remote into the office anyway, so they can have the webclient open over their remote connection. I don't want the webclient or web management available outside the on premises LAN, but IP phones should still work using that port from outside.

It's a couple times a week at least that I get an email saying an IP was blacklisted for failed login attempts, and that IP is definitely not at any of our remote locations. I've thought a good solution for us might be to disable the webclient for outside use
 
Hi all,

I did this problem in an earlier idea, post-210141, "no management interface on WAN" from BayMitch.
I also vote on this one, please vote also to the other one, maybe 3CX then understand what kind of security breach this is.
 

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,631
Messages
748,959
Members
144,746
Latest member
gamingpro2131
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.