Please help with clarifications to the following doubts and concerns:
1.- Since VitalPBX Connect is a service that is published on the Internet, it is necessary to protect it, access to VitalPBX and even access to the client’s own network (voice vlan). We have thought about using a combination of the Firewall and the GeoFirewall, but we have these doubts:
* If we use white/black lists for connection to Vital. How to handle a user who travels to another region of the country? Obviously we will not know which IP@ will be used, so although white/black lists are an option, managing that becomes impractical.
* Yes, in addition to the lists, we use GeoFirewall to block connections that come from other countries outside of Bolivia, but there we stumble upon the function of the company, which is like a commercial manager at a regional level, so its directors travel almost everywhere , and countries would also have to be blocked and unblocked; This without taking into account that there are also local and national hackers, where the Geofirewall loses effectiveness.
2.- What do you recommend using to publish the VitalPBX Connect service in a secure and controlled way?
3.- In case the company where VitalPBX is installed has a couple of points of presence where it might need IP phones. We understand that using a phone that supports VPN, we could establish a connection against the VitalPBX using the OpenVPN add-on. What should I use to establish a secure connection against VitalPBX, if we don’t want to use VPN
We look forward to your comments, clarifications and/or responses.
Very grateful in advance.
LFM