Easy: Create a PIN-protected Outbound Route, with CallerID matching the ‘public’ extensions, placed after your Emergency routes but before any external routes. This will prevent someone without the PIN from making external calls, but will still allow calls to internal extensions.
To block internal calls, your options include:
Class of Service module (paid)
Custom Contexts module (free but not supported)
Write your own custom context (may involve some learning)
Depending on the device and your numbering plan, you may be able to set the dialplan in the phone to block internal calls.
Cool, I’m trying the “easy” solution first as it will help to protect from misuse that can cost $$. Internal call blocking is more about nuisance control.
I duplicated the outbound route and basically removed all lines except for one that had the internal extension in the callerid field. There doesn’t appear to be any regex so I’m guessing one line for every extension? What’s discouraging is that my dial plan has about 13 entries, in order for my routes to work I’d have to create/duplicate those lines for each internal extension. I’ll need to find out if there is a textual version of this config and manually create it as it will grow unwieldy quickly. I might have to rethink some of these routes too.
Testing with a PIN set and a simplified version of a dial plan (just matching NxxNxxxxxx) seems to work. Password prompt has the first bit of audio missing, so you hear “ease enter your password”…I might need to see if a can tweak a apause somewhere.
I’ll keep trying to work things out and post here.