EPM and managing external subnet phones


I’m attempting to consolidate 5 FreePBX systems into one. Currently each system uses the commercial EPM to manage the endpoints on their subnets.

For the purposes of discussion let’s use these definitions:
local subnet = 10.1.2.x
far subnet = 10.6.2.x

The first step in consolidation is to assure I can use the EPM to manage the phones on these far subnets.

The local FreePBX can ping the endpoints at the far subnets.

The built-in Network Scan isn’t working to find the available phones in the remote subnet. I’m guessing it’s because the network scan uses ARP? Though, before adjusting some firewall rules to the far subnets I saw packets on port 443 getting blocked, so it would seem the network scan does try other types of network analysis besides ARP.

What is the recommended process to map extensions to the endpoints on the far subnets?

And, is it possible to use the EPM to fully manage these remote devices as if they’re on the local subnet?

Endpoints are Grandstream gxp2130/gxp2140 using recent firmware

Thanks in advance for any tips.

(Itzik) #2

Endpoint Manager is a tool to generate config files for the phone to download and import. EPM does not care if the phones are local, over VPN or WAN, you have to define the connection settings in the templates.
Regarding scanning a subnet, AFAIK, EPM uses nmap to scan the subnet and then tries to match the MAC addresses with supported vendors, it maybe even looking for more headers to get the device model etc.
nmap and other netwrok scanning tools can only get these info from the same subnet.


@PitzKey , thanks for that info.

Something I find very helpful with EPM is that it scans the network, finds the phones, lets me choose which brand, model, and template to apply. Then, under Extension Mapping, it shows me a list of those extensions along with the brand, AOR (IP info), and a button to edit that endpoint.

If I’m unable to network scan to add an endpoint to EPM, does that mean I must then manually add that endpoint via Extension Mapping > Add Extension ?

(Lorne Gaetz) #4

Yes. That or configure the device by editing the extension and adding EPM details to the ‘Other’ tab.


Thanks for that confirmation and alternative management option.

As a wrap up to this conversation. Here’s what I’ve done.

  1. Settings > EPM > Extension Mapping
  2. Add Extension
  3. Choose extension, add phone details including phone’s MAC address, selecting brand/model/etc.
  4. Save and Rebuild config
    … this should complete the necessary setup with FreePBX

Over on the other subnet, where the endpoint lives …

  1. Reset phone to factory defaults, just to start with a clean slate
  2. Wait for the phone to reboot itself
  3. Phone picks up TFTP server details from DHCP server at the remote subnet DHCP server
  4. Phone talks to TFTP server and grabs the config previously setup on the EPM

Something that had stumped me here is the variety of firewall options in-play.

FreePBX has its firewall
The local subnet has pfSense
The far subnet has pfSense

All of these needed proper holes punched through to allow communication

AND … pfSense is stateful and TFTP is not.

So, if you’re like me, you’ll need to tweak your pfSense firewall settings to activate the TFTP Proxy Helper. Look under System > Advanced > Firewall & NAT > TFTP Proxy.

(system) closed #6

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.