Yealink Forums
IP security (filtering) - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Configuration (/forumdisplay.php?fid=24)
+--- Thread: IP security (filtering) (/showthread.php?tid=628)



IP security (filtering) - Com1 - 07-13-2013 05:17 AM

Hi,

We have several phones which are at remote locations using the internet to connect to our customers PBX. Unfortunately we are not able to configure (SSL) VPN between the remotes and the hub site.

On the hub site (PBX) we configured IP filtering to make sure we only allow SIP sessions between the remotes and the hub.

On the remote sites we are only able to configure filtering if we put a firewall between the internet and the phone. We agree that this is the preferred solution, but there must be a simpler way of doing this. For now we only have a NAT configuration.

We have several remote sites which are under "attack" quite often and we want to filter any traffic which is not coming from our PBX.

Is it possible to configure an IP filter on the Yealink phones which allows for local management (private subnets) and one or more public IP addresses?

To our opinion this would be a very simple but effective way of securing the remote phones.

Best regards,

Bas


RE: IP security (filtering) - Yealink Support - 07-15-2013 03:42 PM

Hi Bas,
Do you mean you just want the phone to accept the message only from PBX?
If yes, please let us know what's the model and firmware are you using?
If you are using our latest T2X V70 firmware, please use below auto provisioning parameter to enable this feature.
--------------------------
#!version:1.0.0.1
account.1.sip_trust_ctrl = 1
--------------------------

If you are using V61 or V60 firmware, please use this parameter:
--------------------------
[ account ]
path = /config/voip/sipAccount0.cfg
SIPTrustCtrl = 1
--------------------------

Thanks.


RE: IP security (filtering) - Com1 - 07-16-2013 04:11 AM

(07-15-2013 03:42 PM)Yealink Support Wrote:  Hi Bas,
Do you mean you just want the phone to accept the message only from PBX?
If yes, please let us know what's the model and firmware are you using?
If you are using our latest T2X V70 firmware, please use below auto provisioning parameter to enable this feature.
--------------------------
#!version:1.0.0.1
account.1.sip_trust_ctrl = 1
--------------------------

If you are using V61 or V60 firmware, please use this parameter:
--------------------------
[ account ]
path = /config/voip/sipAccount0.cfg
SIPTrustCtrl = 1
--------------------------

Thanks.

Hi,

Thanks for your quick response. We are using T26 and T28's with 3CX in this setup. Is the v70 firmware also compatible with 3CX?
We will check this config as soon as possible!

Is this a setting that can only be changed in a configfile or will there also be a possibility to change this using the webinterface?

Regards,

Bas


RE: IP security (filtering) - Yealink Support - 07-16-2013 03:28 PM

Hi Bas,
1.Yes, you can see in our website:
http://www.yealink.com/SupportDownloadfiles_detail.aspx?CateId=184&flag=142
2.70.0.103 (Supported by 3CX Phone System)
2. Currently this setting can be only config by the config file, sorry.
Thanks.


RE: IP security (filtering) - freddyco@gmail.com - 11-22-2013 11:21 PM

Hello,

For the phone only accept the message notify only from PBX (registered). I tried the parameter but does not work. In the version of firmware V 9.71.0.140 for model T-20p.

There is another parameter to be added?

# version: 1.0.0.1
account.1.sip_trust_ctrl = 1



(07-16-2013 03:28 PM)Yealink Support Wrote:  Hi Bas,
1.Yes, you can see in our website:
http://www.yealink.com/SupportDownloadfiles_detail.aspx?CateId=184&flag=142
2.70.0.103 (Supported by 3CX Phone System)
2. Currently this setting can be only config by the config file, sorry.
Thanks.



RE: IP security (filtering) - Yealink Support - 11-25-2013 05:59 PM

Hi freddyco@gmail.com,

You can also disable the ip call option.
----------------------------------------------------------------------------------
#!version:1.0.0.1

#Enable or disable the phone to dial the IP address directly; 0-Disabled, 1-Enabled (default);
features.direct_ip_call_enable = 0
----------------------------------------------------------------------------------