I like the direction Zulu is going and it will hopefully become the UC package containing the features we need. I have read about a mobile client coming soon, that’s great.
I just wanted to bring up some considerations for roaming remote clients and changing IP addresses when it comes to firewall security.
Traffic from the mobile phones Zulu will be running on will have to be allowed through our firewalls, but many of us users wouldn’t be comfortable opening the Zulu port (whichever one it will require) to the internet without having any whitelisting of IP addresses or FQDNs in place.
Does Sangoma, @tonyclewis, have anything specific in mind on how to address this?
I would have a few suggestions:
-
Best would be to integrate an OpenVPN client into the Zulu app, connecting to the VPN server managed in Sysadmin pro. For people with FPBX behind a NAT firewall and an off-board VPN server like us, they need this feature: https://issues.freepbx.org/browse/FREEPBX-12442?filter=-2.
-
Second best would be to integrate a DDNS client into the Zulu app, updating the IP address of the phone whenever it changes, and we could then allow FQDNs on our firewalls.
-
Responsive firewall could probably do some filtering, but for people with FPBX behind a NAT firewall not using the FPBX firewall, it would be best to not have to allow unwanted traffic to the PBX in the first place, hence option 1. and 2. would apply.
I am bringing this up now, as I know Zulu mobile is in development and we are budgeting for a potential large purchase later this year for several of our few hundred user HA installs.
Other Zulu users, please also comment on what you would need and want.
Thanks.