So i just purchased EPM and added a new brand for Polycom.
There is a line that says “Provision Server Portocol” but there a no options listed to select.
I went in and added other brands just to verify if they listed options and they do.
Am i missing something? Does Polycom not require this option?
You will need to enable tftp and/or ftp in System Admin Pro. If you don’t have System Admin pro, you can manually configure the services and use the custom provisioning URL.
So there is no option to use HTTP like the other brands?
I was wanting to use http.
Not for Polycom, historically they did not support provisioning over http.
Okay, I will give tftp a try.
Does polycom support FTP or just tftp?
So I went back into my System Admin> Provisioning Protocol and enabled TFTP, also left HTTP configured with UN & PW.
Logged into my Polycom VVX400 and told it to use tftp and still can’t get it to pull EPM config.
Any other thoughts.
I have a Sangoma phone working fine via “http”
Out of the box, Polycom phones are set to ftp. You will have to manually change this on the phone or through the GUI of the phone. I would go ahead and point the phone to the provisioning server address also.
Yes i logged into the gui of the phone went to provisioning server
Changed Server Type to TFTP
set the IP
removed server user and password.
Also under DHCP Menu changed boot server to: Static.
Still no go.
In the Polycom advanced configuration, make sure you set the provisioning server protocol for TFTP and enter your IP address of your FBSD server. In FreeBSD EPM, make sure you have the correct MAC address and template assigned to the extension. Save and rebuild the configuration. Reboot the phone, and it should pick up the configuration. If it still does not work, look in your \tftpboot directory (Use WinSCP on your Windows computer) and make sure you have entries for the phone’s MAC address in the directory. It should work. After you get the phone to communicate, the next thing you want to do is download new firmware (in Firmware Management) and assign the firmware in your EPM template. Then reboot the phone so that it updates the firmware.
I have a polycom vvx 410 and it won’t upgrade firmware using tftp. It downloads and hangs every time. Switch the phone manually to use http provisioning information that epm can do automatically for other phone manufacturers and it flew through the upgrade and provisioned fine. So something in the new polycoms does not like tftp provisioning for firmware upgrades.
I don’t have that problem, but you would need to enable port 69 (both ways) through your firewall from any device that tries to use it, (probably a really bad idea as the T in tftp means “Trivial” and the ‘device’ might be not a good guy)
I suggest you just use https (and have valid certificates deployed)
I use HTTP provisioning on all polycom phones (Mainly 550’s). You have to manually add it on the phones but it also works better once you get it working.
most stateful firewalls include helpers for tftp so there is no need to open port 69 in both directions. Also, firewalling off to a single IP address can help secure tftp also. tftp works in the environment perfectly fine, the polycom vvx 410’s just won’t firmware upgrade via tftp. http really needs to be added to EPM for newer polycoms.
The trouble with tftp is it is done over UDP and thus connectionless, thus impossible to track, you don’t know who is calling and it is easy to spoof such connections using your firewalls IP address. Asking for sip.cfg (of any flavor) or any other non mac based phone specific file is a likely target and the directories below root are easy to guess in a VOIP server, often these files leak all sorts of info you don’t want to leak.
FTP(S) and HTTP(S) both can be configured with another layer (user/pass) and further firewall based port scanning or other IDS detections of nefarious uses of said connection(s) that is harder to penetrate. and the S version eliminates for the most part MITM attacks, Some call this “belt and braces”, The more you have keeping your trousers up the more secure you are likely to actually be. Nothing is totally secure and sooner or later your pants WILL fall down