Skip to main content
PBX IP ACL Settings
Updated over a year ago

In this article, you will learn how to allow specific IP addresses to access your PBX system. Such settings will increase your network protection, minimize security risks, and prevent unauthorized access to your PBX.

  1. Log in to the CommPeak Portal.

  2. In the main menu on the left, expand Cloud PBX and click PBX Instances.

    1.png
  3. Click the Firewall Settings icon.

    2.png

The Firewall Settings pane with several tabs will open on the right. Here you can insert IP addresses to web, SIP, and Click2Call access lists and see IP addresses that are blocked.

Web ACL

Web ACL restricts access to your PBX and PBX Stats web interfaces.

To set the web access list:

  1. Click the Web ACL tab in the Firewall Settings pane.

  2. In the field under IP ACL, enter an IP address or subnet in the CIDR format. You can also enter a domain. If you use Dynamic DNS, we will resolve it to IP periodically. For more information on DynDNS, refer to the section below about Dynamic IP Addresses.

  3. Click on the plus icon (+) to add the IP address.

  4. Add all the needed IPs one by one.

  5. To temporarily disable a specific IP, toggle the button next to the IP address. To delete an IP, click on the delete icon.

  6. If you cannot whitelist all IP addresses, configure GEO ACL.

  7. Click Save Changes.

NOTE

In the examples below, we use random IP addresses from a public database.

mceclip1.png

SIP ACL

SIP ACL whitelists specific IP addresses for SIP registration, calls, CommPeak Softphone, and PBX Stats Agent Interface.

To set the SIP access list:

  1. Click the SIP ACL tab in the Firewall Settings pane.

  2. In the field under IP ACL, enter an IP address or subnet in the CIDR format. You can also enter a domain. If you use Dynamic DNS, we will resolve it to IP periodically. For more information on DynDNS, refer to the section below about Dynamic IP Addresses.

  3. Click on the plus icon (+) to add the IP address.

  4. Add all the needed IPs one by one.

  5. To temporarily disable a specific IP, toggle the button next to the IP address. To delete an IP, click on the delete icon.

  6. If you cannot whitelist all IP addresses, configure GEO ACL.

  7. Click Save Changes.

mceclip2.png

Click2Call ACL

On the Click2Call ACL tab, you set IP-based restrictions for Click2Call requests.

To set the Click2Call access list:

  1. Click the Click2Call ACL tab in the Firewall Settings pane.

  2. In the field under Click2Call ACL, enter an IP address or subnet in the CIDR format. You can also enter a domain. If you use Dynamic DNS, we will resolve it to IP periodically. For more information on DynDNS, refer to the section below about Dynamic IP Addresses.

  3. Click on the plus icon (+) to add the IP address.

  4. Add all the needed IPs one by one.

  5. To delete an IP, click on the delete icon.

  6. Click Save Changes.

mceclip0.png

Solution for Dynamic IP Addresses

You can effectively whitelist IP addresses for static IPs only. It is often a case that your Internet Service Provider gives you a dynamic IP address. It keeps changing over and over again, so you can get rejected. The Dynamic Domain Name Service (DDNS) would be a solution for you in such a case.

You can register a hostname with one of the free DDNS providers (for example, no-ip). Once registered, you obtain a domain assigned to you.

You can set up ACL for your domain in the same way. Type the domain address (a fully qualified domain name) in the field under IP ACL and click on the plus icon. After you click SAVE CHANGES, the address appears in the access list.

NOTE

Adding a domain address works for all the ACL options.

mceclip2.png

Geo ACL

Geo ACL allows any IP from countries that you can choose for both web and SIP access. When accessing your resources, the users will still need to provide their credentials.

IMPORTANT

We recommend that you opt for IP whitelisting rather than country whitelisting. Opening access to an entire geographic region can cause security risks, making it easier for malicious actors to find ways to attack your system.

Please avoid this option unless absolutely necessary (for example, if you cannot whitelist all IP addresses in any other way).

To whitelist IPs for countries:

  1. Go to the Web ACL or SIP ACL tab.

  2. Click in the field under Geo ACL to expand a list of countries.

  3. Start typing to move to a specific country, or scroll down.

  4. Select the checkbox next to the country name. Click CLEAR to clear your selection.

  5. To temporarily disable a specific country, toggle the button next to the country name. To delete a country, click in the field showing the number of countries selected, find the country name, and uncheck it.

  6. Click Save Changes.

NOTE

You can select up to 10 countries.

mceclip1.png
Did this answer your question?