Hosted FreePBX setup help

I currently have an onsite FreePBX (3.211.63-7) that I am moving to a hosted solution. I am starting from scratch on the hosted solution as there are a lot of changes I want to make to the setup. The hosted box has a public IP associated with it. What do I need to do to secure this? I have already enabled SSL for the FreePBX GUI and changed the default Asterisk Manager password.

I have a static IP at the office where the phones are located. What do I need to do the Watchguard device at the office to allow the phones to communicate with the hosted FreePBX? I know this involves some port forwaring but what ports? Just the normal 5060 and 10001-20000 (I know it’s normally 10000 but I have Webmin installed so I changed the RTP range)?

I use Cisco 79x1 phones and they work great. I am not sure what I need to change in the phone config files for them to know how to work with the hosted box. I know I will need to change the DHCP option 150 on my server to point to the static address of the hosted box for phones to know where to download their config files from. Do I need to change anything on my Watchguard to allow this?

Having this hosted is all new to me so I am really not sure how to proceed. I am not a Linux buff either, I know very little about it so I usually rely on the WebUI and Webmin for pretty much all configuration changes. The hosting provider doesn’t give any documentation on setup either (

I know this is a lot to digest. I would really appreciate any help offered.


Use WinSCP, don’t install webmin.

I would simply setup a VPN to the server from your office so you don’t have any security concerns and the endpoint manager functions 100%

Any one have some insight on this? I know there are some people out there that have used or are using a hosted solution. Any info on how you got everything setup and some steps to take to make sure the system is secure would be greatly appreciated.

Please do not try to use webmin to update the system… includes SysAdmin Pro which allows you to use the updates provided by the project to update your installation. They are hosting the FreePBX Distro so most of your configuration and setup guides can be easily found in the wiki on this site. also includes the commercial endpoint manager, this allows you to easily provision your phones, and sysadmin pro allows you to enable ftp or tftp for that provisioning depending on what your phones will support.

I only use webmin for the file manager to upload/download whatever I need. My biggest concern is getting my watchguard firewall at the office setup correctly so the phones are able to register. What exactly do I need to allow incoming/outgoing for the process to work properly? Do I need to do anything other than what I listed in the original post to further secure the PBX since it is Internet facing? Is there some way to only allow connections to it from certain IP’s?

Thanks for the help so far.