Switchvox Access Control Admin Training

Owned by Merry Arpaia
Oct 22, 2024
2 min read

Access Control

This article is a companion document for the Switchvox Access Control video and will guide you through how to use Access Control rules and IP blocking options.

 

Access Control rules can be found in the Switchvox Administration portal under Server -> Networking -> Access Control.

Here you will find two default rules: All Networks and Local Network.

 

It is recommended that you start with all of the services on All Networks set to 'Off', only enabling services that are required from devices outside of your network. If you have a trusted network that needs access, it is better to create a new rule and only enable services for that IP address and netmask. 

 

 

By default, all services for the Local Network are enabled. It is still good practice to disable any services that are not required. 

 

 

 

 

To create a new custom rule, click on Create Access Control Rule.

 

In the sub-menu, enter the following information:

  • Rule Name- a unique name that will describe the rule.

  • Network- the IP address and netmask the rule applies to. 

  • Never Block IP- controls automatic IP blocking for this network

 

 

 

Then, enable services you want this network to have access to by setting the option to 'Yes'. The services are:

  • Web Admin Portal- the Switchvox Admin tools suite.

  • Web User Portal- the Switchvox User tools suite.

  • Admin API- API calls to Admin tools. 

  • User API- API calls to User tools.

  • Printing- printing to Switchvox, including printing files to be faxed.

  • IMAP- the Switchvox IMAP server for voicemail and faxes. 

  • XMPP Server (Jabber)- XMPP chat server traffic.

  • SIP- SIP traffic.

  • NTP- Network Time Protocol traffic. 

  • SNMP- SNMP traffic. If you want to monitor Switchvox using SNMP, make sure this service is checked. 

 

 

Once you have enabled the appropriate services, click Save Rule. 

 

 

Note: all Access Control rules are visible from the main page. Actions that can be taken from this page are Edit and Delete.

 

 

 

This allows Switchvox to automatically block an IP address that is attempting to log in to your user interfaces or registering a phone with a bad user name and password. This is based on the assumption that if someone is trying to reach Switchvox without valid login information, that person mostl likely does not have a legitimate reason to reach Switchvox. To change the options for automatic blocking, select IP Blocking Options. 

 

 

 

This allows you to set login attempts before lockout, login attempts before IP block, and number of blocked IPs from the same network to trigger and netmask block.

 

 

 

This allows you to set registration/invite attempts before IP is blocked, as well as the number of blocked IPs from the same network to trigger a netmask block. 

 

 

Note: if you wish to share blocked IP information with Digium, set the slider to 'Yes'. Once your options are set, click Save. 

 

Unable to render {include} The included page could not be found.