Spent the last hour reading various posts about setting this up without finding a definitive document.
We want to use Sangoma zero-touch with provisioning over HTTPS only, with provision authentication.
We have a cert for a host name that’s valid on the WAN and LAN sides. Added the phone to portal.sangoma.com and selected a deployment redirection type. No option 66 set in DHCP. Test phone is on-LAN with the system, and the LAN subnet is trusted in the responsive firewall.
Defaulted phone boots and connects to rs.sangoma.com but doesn’t pull firmware or a config. After a reboot it’s just sitting with History, Directory, and Menu softkeys along the bottom and no line keys.
Do we have the manual IP/FQDN ZTC method if we are requiring provisioning auth?
Thank you, @sorevani. I had already gone ahead and switched to IP/FQDN yesterday and can confirm that it did work. This is a slick system…just request that the documentation in the wiki would get updated so there is a bit less floundering trying to use it.
I still have misgivings about exposing SIP and RTP ports to the entire internet, and am just hoping that the responsive firewall does its job well.
RTP ports are really only likely to be compromised by a man-in-the-middle attack (inside your LAN) decoding your super secret voice calls if unencrypted.
You can choose any of over 63000 ports and any of at least four protocols, two of which are encrypted and require a properly certified domain name (IP addresses won’t work), and all are filterable for just ‘good guys’ for opening SIP sessions.