Accessing the FreePBX UCP
-
This post is deleted! -
@dashrender said in Accessing the FreePBX UCP:
@bigbear said in Accessing the FreePBX UCP:
Where a phone has authenticated from a public IP so should the UCP then be accessible.
Right, this is my understanding as well. But this not exposing UCP to the public. This is the responsive firewall only opening UCP for those IPs that have valid registered extensions.
And I guess my point to that is what if someone wants to log in from home and change the main menu schedule (this actually happened to me with a couple customers) and they have no phone at home so they cant log in to the admin interface.
-
@dashrender said in Accessing the FreePBX UCP:
@bigbear said in Accessing the FreePBX UCP:
I have moved entirely away from FreePBX so I have no instance to log in to ATM.
What do you use now?
(edit: deleted my last post because I replied to the incorrect comment of your last two)
Fusion PBX, Freeswitch, OpenSIPS for a few things but I am doing a multi-tenant thing. I would still agree if you want to run your own single tenant cloud PBX that FreePBX is easier in most respects.
One thing I do love about anything Freeswitch-oriented is the use of domains over IP's for a better layer of security. You can afford to allow web UI logins from anywhere for a number of attempts when the attacker has to also discover the DNS name mapped to the IP to make the attempt. I shut off an IP from a web portal login after 10 attempts.
Also for roaming mobile devices and Bria apps, etc there is no grief as there always is with FreePBX. And no updates that occasional broke my FreePBX installations.
-
@bigbear said in Accessing the FreePBX UCP:
@dashrender said in Accessing the FreePBX UCP:
@bigbear said in Accessing the FreePBX UCP:
Where a phone has authenticated from a public IP so should the UCP then be accessible.
Right, this is my understanding as well. But this not exposing UCP to the public. This is the responsive firewall only opening UCP for those IPs that have valid registered extensions.
And I guess my point to that is what if someone wants to log in from home and change the main menu schedule (this actually happened to me with a couple customers) and they have no phone at home so they cant log in to the admin interface.
Who would be doing that? That sounds like a situation that involves hourly employees, now you have other issues - i.e. people are working and you're not paying them. I know this doesn't directly give you what you want, but it's a possible side affect of what you're wanting.
-
But, if you really want anyone in your company to have UCP access, then just put it in the internet group, and you're golden. Of course, you're now opening it to the world of hackers to attack it.
So you have to weight the trade offs.
-
@dashrender said in Accessing the FreePBX UCP:
@bigbear said in Accessing the FreePBX UCP:
@dashrender said in Accessing the FreePBX UCP:
@bigbear said in Accessing the FreePBX UCP:
Where a phone has authenticated from a public IP so should the UCP then be accessible.
Right, this is my understanding as well. But this not exposing UCP to the public. This is the responsive firewall only opening UCP for those IPs that have valid registered extensions.
And I guess my point to that is what if someone wants to log in from home and change the main menu schedule (this actually happened to me with a couple customers) and they have no phone at home so they cant log in to the admin interface.
Who would be doing that? That sounds like a situation that involves hourly employees, now you have other issues - i.e. people are working and you're not paying them. I know this doesn't directly give you what you want, but it's a possible side affect of what you're wanting.
Not sure I follow. The most recent customer that comes to mind would log in from home and change the emergency number routing in Misc destinations to whomever was on call. I think they had about 80 employees.
As far as UCP goes I get asked about how to access it, or used to. I dont have any FreePBX instances anymore.
-
@dashrender said in Accessing the FreePBX UCP:
But, if you really want anyone in your company to have UCP access, then just put it in the internet group, and you're golden. Of course, you're now opening it to the world of hackers to attack it.
So you have to weight the trade offs.
If the admin and UCP portals had the responsive firewall logging failed web logins it could provide the same level of security as remote/roaming IP phones.
And forget about using a mobile phone app on your android/iphone. I havent paid attention in a couple months but that was still an issue and a common question on freepbx forums.
-
@bigbear said in Accessing the FreePBX UCP:
If the admin and UCP portals had the responsive firewall logging failed web logins it could provide the same level of security as remote/roaming IP phones.
Yeah I suppose. I guess they take a different tack - you'd only want access if you have a phone there with you to control.
But I can see the point of why you might want access while not having an extension where you are. But this obtainable via DynDNS.
