How to secure Vicidial on Public IP

Updated On:

How to secure Vicidial on Public IP.

Vicidial has given  many security options to secure your server as below

• White List (ViciWhite)– Blocks all access except for IPs specifically defined in a ViciDial IP List
• Black List (ViciBlack)– Block any IP specifically defined in a ViciDial IP List (Defaults to SIP/IAX/RTC)
• Dynamic List (ViciBox Dynamic Portal)– Allows agents to manually authenticate with a portal to gain access to ViciDial
• VoIPBL – Community generated list of known SIP attackers, works the same as a Black List
• GeoBlock – Block IPs based on their assigned geographical location, similar to the Black List

ViciWhite is the best method to secure your Vicidial server.

Step -1  Enable IP Lists under admin  > System Setting

 

 

 

 

 

 

 

 

 

 

 

Allow IP Lists 0 to 1

Make it 0 to 1

Click on Submit.

2- Now Click on IP Lists under admin > IP Lists

3-  Click on  ViciWhite

Now Add your IP  or allow your IP subnet

4- Now Configure your Vicibox  firewall setting  Change your interface zone from Default to Public and remove all services .

Except ssh to be safe side incase you lockdown yourself.

run command #   yast firewall

 

 

I have added also viciportal and vcportalssh to for Agent Validation to dynamically add agent IP to firewall after validation.

 

save the firewall .

5- Now  insert two entry in crontab end of the file before that comment the two lines

 

#0 */6 * * * /usr/local/bin/VB-firewall.pl --voipbl --noblack --flush --quiet
#@reboot /usr/local/bin/ipset-geoblock >/dev/null
* * * * * /usr/local/bin/VB-firewall.pl --white --quiet
@reboot  /usr/local/bin/VB-firewall.pl --white --quiet

 

Now save and exit.

Now you can check your admin and agent pages are being blocked on non ViciWhite list.

 

Follow Us On

Leave a Comment