HTTPS Provisioning Not Working Through Firewall

When the system firewall is turned on, phones external to our network are unable to autoprovision via HTTPS. As soon as we disable the system firewall, they are able to autoprovision. We’ve tried setting the HTTPS autoprovisioning service in the firewall to Local, Other, and Internet, and it doesn’t work on any of those settings.

What is the proper setting to allow HTTPS provisioning through the firewall?

Generically, on any firewall, allow 443 bidirectionally between your PBX and your client’s networks.

  1. We’re using a custom port and not 443, so it shouldn’t be interfering with anything else using 443 (not sure if this applies to your answer but wanted to say it just in case).

  2. The client networks are all unrestricted for outbound data so I don’t understand why any bi-directional traffic rules are needed. If disabling the firewall on the PBX side makes everything work, then it proves there is no restriction on their side.

Are your phones aware that they need to be using a “custom port” for provisioning?

Given their address on the internet, do they get allowed through

iptables -L -n

to your “custom port” ?

I’ll try that command.

Does the firewall not recognize the custom port automatically when setting it in FreePBX?

Go into the Firewall, click on the Services option in the right side menu. Go to the “Extra Services” tab, set up your HTTPS Provisioning zones there.

That’s what I wrote about in my original post. I had mentioned trying internet, local, and other.

Don’t know, don’t use that firewall, sorry. (mine works though 🙂)

