What is the good way to avoid exposing the PBX (as it’s in the Cloud) to the hackers please?
What happening:
each day, more than 50 agents are connecting to the VitXi Softphone to make and receive calls
usually, many of them sometime try wrong password and their IP get banned, after that, they nolonger have access, this happens many times in each day
To avoid having to go and whitelist IPs every time, sometime we decide to desable the firewall, i understand that this is very bad but i do this to let people not have breaks in their work.
Is there any safe way to keep keep the firewall Active and avoid agents to be everytime banned?
Do we need a SBC?
Do you have your VitalPBX box NAT’d behind a real Hardware Firewall and or behind a virtual firewall in the cloud? if you do, what I would do, is create a rule to ONLY allow your Gateway provider to your VitalPBX. ALL OTHER CONNECTIONS are dropped. that way the connection is dropped from the NAT BEFORE they even get to your VitalPBX box. So the rule should say only allow connections from the gateway provider and only allow what is EXACTLY needed for the gateway provider to function with your PBX, so all needed SIP/RTP ports. I don’t believe in turning on the software firewall on VitalPBX or any PBX Server and making the box live on the Internet. It really should always be NAT’d behind an enterprise firewall, Virtual or Otherwise. Let your NAT’ing do that, and then only allow your gateway provider to the box.