only IP instead of FQDN

Discussion in '3CX Phone System - General' started by dersimon, Jun 29, 2017.

Thread Status:
Not open for further replies.
  1. dersimon

    Joined:
    Jun 29, 2017
    Messages:
    3
    Likes Received:
    0
    hey,

    is it possible at all to just use IPs with 3CX 15.5 and not have a publicly available DNS entry at all?
    What would happen if I just release the FQDN in the customer portal and leave it like that?

    And on another subject: Do I really need to open port 5001 on the firewall if I want outside clients to use core features like presence? Shouldn't that be possible over the tunnel?

    Thanks in advance.
     
  2. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,199
    Likes Received:
    79
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. dersimon

    Joined:
    Jun 29, 2017
    Messages:
    3
    Likes Received:
    0
    It's just a general precaution not to have company IPs publicly known.
    So what exactly needs SSL connections with valid certs? Local clients work perfectly via IP, so why wouldn't external ones?
     
  4. dersimon

    Joined:
    Jun 29, 2017
    Messages:
    3
    Likes Received:
    0
    So to clarify: I don't want the webclient and especially not the management portal publicly available anyways, if that's the problem.
    Those are limited to local IPs in the nginx config (I just hope that this doesn't get overwritten in some update. btw, an easier solution to that would be appreciated)

    So that being said, is there anything else that would make problems if I just released that dns entry?
    At least my Android Client works just as well with the IP instead of the DNS entry.
     
  5. SECOIT GmbH

    Joined:
    Apr 3, 2017
    Messages:
    63
    Likes Received:
    18
    Probably not with 3CX but otherwise that is possible of course. Some devices/browsers might struggle so the IP address should be in both the CN and one SAN field of the certificate. Several well-known CAs allow certificates with IP address as a CN.

    Besides that...
    Well, if anyone in this company is using a web browser and and a search engine, social media, web shop, etc. the IPs are widely known anyway. There is a lot profiling done in the background ("big data") and tons of databases will have the connection between your company and it's public IP addresses.
    Also the internet is constantly being scanned by a massive amount of bots that walk through the IP ranges. So appropriate protection is required anyway.

    So when you are using a FQDN provided by 3CX there will be an additional entry in a DNS server somehwere (plus downstream ones contacting the primary DNS) and likely also a link somewhere at 3CX (which will be there anyway when your system is contacting 3CX servers for license validation).
    Will that bring any additional risk to your company compared to what is already constantly being collected elsewhere anyway? I strongly doubt so.

    So if I was you I'd rather stick with the system design and don't risk running into support issues later on.

    Sorry for not answering your question though...
    I simply don't know if you can run a 3CX w/o FQDN but since it's a official requirement you might end up w/o support even if you make it working.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.