How to secure Vicidial on Public IP

How to secure Vicidial on Public IP.

Vicidial has given  many security options to secure your server as below

• White List (ViciWhite)– Blocks all access except for IPs specifically defined in a ViciDial IP List
• Black List (ViciBlack)– Block any IP specifically defined in a ViciDial IP List (Defaults to SIP/IAX/RTC)
• Dynamic List (ViciBox Dynamic Portal)– Allows agents to manually authenticate with a portal to gain access to ViciDial
• VoIPBL – Community generated list of known SIP attackers, works the same as a Black List
• GeoBlock – Block IPs based on their assigned geographical location, similar to the Black List

ViciWhite is the best method to secure your Vicidial server.

Step -1  Enable IP Lists under admin  > System Setting

 

 

 

 

 

 

 

 

 

 

 

Allow IP Lists 0 to 1

Make it 0 to 1

Click on Submit.

2- Now Click on IP Lists under admin > IP Lists

3-  Click on  ViciWhite

Now Add your IP  or allow your IP subnet

4- Now Configure your Vicibox  firewall setting  Change your interface zone from Default to Public and remove all services .

Except ssh to be safe side incase you lockdown yourself.

run command #   yast firewall

 

 

I have added also viciportal and vcportalssh to for Agent Validation to dynamically add agent IP to firewall after validation.

 

save the firewall .

5- Now  insert two entry in crontab end of the file before that comment the two lines

 

#0 */6 * * * /usr/local/bin/VB-firewall.pl --voipbl --noblack --flush --quiet
#@reboot /usr/local/bin/ipset-geoblock >/dev/null
* * * * * /usr/local/bin/VB-firewall.pl --white --quiet
@reboot  /usr/local/bin/VB-firewall.pl --white --quiet

 

Now save and exit.

Now you can check your admin and agent pages are being blocked on non ViciWhite list.

 

Your email address will not be published. Required fields are marked *