Hi,
Personally I’m using Vultr and the default firewall and from Freepbx in fail2ban I change couples settings. To connect to the GUI interface is easy. Open Putty edit your etc/ssh/sshd.conf I always change ssh port to 222 for exemple. I also use my own ssh_keys. I remove password authentication. I create a new user and add to ssh.conf. also remove root user. when you done with sshd.config restart the services and open a new terminal to make sure you can log with your new user.
If you done that correctly you should be able to connect with your own username and ssh_key but not with Root.
And in putty you can run a localhost:5000 (hosted_ip_server:80) pointing to your actual hosted server and you reach to the login page of freePBX.
Let me know if someone have a better suggestion.
And all done.