I’m testing out the Sangoma Talk app. My new FreePBX server is behind a pfSense firewall. I would like to only port forward the IP and hostnames that are necessary to make this function. From what I read Acrobits is the app maker and hosts the backend to make this work.

I’ve found this allow list below and also one from Acrobits. However, I’m still not able to get the talk app to make or receive calls consistently. When I allow “any IP source” to be forwarded it works perfectly. Is there another list of IP addresses that are current? Am I missing something?

I don’t have FreePBX firewall enabled and have checked to make sure fail2ban is not blocking anything.

I’ve added all of these to the allow list:

You must allow inbound SIP/RTP for all of the cloud push servers as well as the source IP the client is connecting from.

The source IP of the cell phone that the client is using must be the missing piece. I don’t know a good way to update the IP address of the client as it moves around on cell towers. Maybe a DDNS updater app for the phone but I don’t know if it will update quickly enough.

If I enable FreePBX firewall should that be enough to protect my PBX?

The safest way to handle this, given that you won’t know what IP a cell phone user will ever have, would be to enable the PBX Responsive Firewall on top of not using standard SIP ports for your inbound SIP connections. Maybe even moving SIP from UDP to TCP.

Just come up with a random high number to use in your system and do all of your SIP signaling on that instead.
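The diagnosis given earlier in the thread (the push servers are allowed, but the phone's own source IP is not) can be checked against logged traffic. This is an added example, not code from the thread, Sangoma or Acrobits; the allow-list ranges, the log records, the SIP port 5060 and the RTP range 10000-20000 are all assumptions to replace with your own values.

```python
import ipaddress
from collections import defaultdict

# Constructed allow list (documentation ranges) standing in for the push-server list.
ALLOW_LIST = ["192.0.2.0/24", "198.51.100.16/28"]
# Assumed ports: adjust to the SIP port and RTP range configured on your PBX.
SIP_PORTS = {5060}
RTP_PORTS = range(10000, 20001)

# Constructed sample of inbound connections logged on the forwarded ports:
# (source IP, protocol, destination port).
CONNECTIONS = [
    ("192.0.2.10", "udp", 5060),      # inside the allow list
    ("198.51.100.20", "udp", 12000),  # inside the /28
    ("203.0.113.77", "udp", 5060),    # e.g. a phone on a carrier network
    ("203.0.113.77", "udp", 14002),
    ("203.0.113.140", "udp", 5060),   # same phone after its address changed
    ("198.51.100.40", "tcp", 443),    # not SIP/RTP, ignored
]

def classify(port):
    """Return 'sip' or 'rtp' for ports the PBX forwards, else None."""
    if port in SIP_PORTS:
        return "sip"
    if port in RTP_PORTS:
        return "rtp"
    return None

def uncovered_sources(connections, allow_list):
    """Map each source IP outside the allow list to its SIP/RTP packet counts."""
    nets = [ipaddress.ip_network(n) for n in allow_list]
    missing = defaultdict(lambda: {"sip": 0, "rtp": 0})
    for src, _proto, port in connections:
        kind = classify(port)
        if kind is None:
            continue  # traffic to ports that are not part of the forward
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in nets):
            continue  # already covered by an allow-list entry
        missing[src][kind] += 1
    return dict(missing)

if __name__ == "__main__":
    for src, counts in uncovered_sources(CONNECTIONS, ALLOW_LIST).items():
        print(f"{src}: not in allow list, sip={counts['sip']} rtp={counts['rtp']}")
```
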

