We have a few Polycom IP331 here and I’m trying to make it so the phones don’t need any manual communication at all.
The way I understood it is that the DHCP server needs to inform the phone upon connection of the TFTP address.
Therefore, in pfSense, here’s what I did:
System > Advanced > Firewall and NAT > Choose the interfaces where you want TFTP proxy helper to be enabled : LAN
Services > DHCP server > TFTP server : LAN IP of my FreePBX server
It does not work… If i boot a IP331 it will not find the provisioning server.
If I type in the IP of the FreePBX server manually into the phone, then the rest of the process will go accordingly.
(so the provisioning server DOES work)
I tried posting on a pfSense forum and they have no idea what I’m talking about.
That’s why I turned to this forum, hoping someone had some experience with pfSense
But I just found a “workaround”
It’s not a work around per say, I just mean that I don’t use the default TFTP protocol but instead HTTP
I’m not sure about the implications of that so if that’s not a good idea please let me know why.
Anyway I just thought I’d post for someone looking to do the same thing as me.
Step 1 : FreePBX > End Point Configuration Manager > Advanced Settings > Settings
Change TFTP to HTTP
Step 2 : pfSense > Services > DHCP server > Additional BOOTP/DHCP Options
Add option 66 with TEXT : http://XXX/provisioning/p.php/
Where XXX is your FreePBX server IP.
Now you can even format completely a Polycom phone and it will boot by itself, then find the provisioning server using DHCP, download firmware, configure and VOILÀ.
PfSense (for some strange reason) requires you to create a specific TFTP out rule from LAN to WAN. the generic allow all out rule doesn’t get the job done, yeah, weird.
I’ve got over a dozen clients with PfSense firewalls getting phone configs from a “cloud” based provisioning server. You need that firewall rule
add TFTP LAN outbound rule (to allow IP phone configuration retrieval)
pass
LAN
IPv4
UDP
LAN net
any
TFTP
allow TFTP out rule
