As US businesses and the world are taking preventative measures for the coronavirus pandemic it is important for many businesses to remain accessible to their customer base. Enabling your Sangoma Switchvox to allow staff to work from home is an easy way process with several options for your workforce.
Allowing Staff to bring Sangoma Switchvox Phones Home
If you already have desk phones and your system is configured to allow external access you may want to allow your staff to take their desk phones home with them. This has the advantage of:
- Assuring no one else uses their equipment and reducing the chance of spreading infection.
- Allows your staff to work with the existing setup and not have to ‘learn’ something new at a time where everyone is on high alert and already stressed.
- IT staff can focus on a centralized solution vs individual users, allowing rapid setup.
If your office environment uses PoE switches, you may need to provide your workers with an additional power supply for the phone. If you do not have any or are running low, give us a call and we can get you a shipment sent out.
How to enable remote users
Assure that you have adjusted your firewall to allow remote SIP access and HTTP/s access. For a detailed listing of firewall ports see the Sangoma page NAT page here: https://support.digium.com/community/s/article/Firewall-NAT-Checklist
Make sure that you authorize only allowed SIP services by IP.
Adjust the ACLs on your Switchvox to match your requirements.
The best practice is to create a new network rule for each of your remote users.
Many of you may need a faster simpler approach. You can enable SIP and optionally Web and API access for “All Networks”.
This should only be done if you have your Switchvox behind a firewall and have the proper ACL permissions on your firewall. If you have not properly secured your firewall you will be exposing your phone system to public access.
We do not recommend turning on “Never Block IP’s” at all. You should set a network rule for each remote IP address and only allow the authorized services they need to function.
With current versions of Switchvox after 7.3x you may receive a warning about allowing Web access and API access over the default “All Networks”. This is for good reason, as you really should restrict access to only authorized networks.
If you are properly managing ACLs at your firewall, and you want to avoid duplicating your work on the firewall and the Switchvox a trick is to add a new network with the network address of 0.0.0.0/0. This will allow you to disable all rules on the “All Networks”.
Phone Networks
Update the “Phone Networks” to be sure that you have a DNS name pointing to your PBX that can be reached from the public internet and properly forward to your Switchvox. You can use just an IP, however, you will have a warning about not having a proper SSL certificate. If you have properly set up your Switchvox you should have a valid SSL certificate already in place.
| Switchvox Desktop Soft phone |
Setting up your Switchvox for use with the free Desktop Softphone is a little easier.
You first need to assure that port 443 is forwarded to your Switchvox. You will need to make this change to your firewall.
Make sure to limit your firewall to only allow access from authorized sources to avoid exposing your system to the public internet.
Depending on your firewall you would enable HTTPS traffic over port 443 to only be allowed from the list of pre-authorized hostnames or IPs. For home users with dynamic IP addresses, you may find using a dynamic IP service like Duck DNS to be an administrative blessing, keeping you from having to frequently update your firewall every time a user’s IP changes. If you want more information on how to set up Duck DNS check out this post.
Next to each extension you will have 4 icons to the left. The third one allows you to manage phone assignments.
Clicking the Manage Phone icon will let you edit or assign new phones.
You have 2 options.
- Add an additional phone “Switchvox Desktop Softphone”
- Reassign the current extension to a Softphone.
If you choose to add an additional phone you will need to adjust the user’s individual call rules. For many the simple process is to just re-assign the to only a softphone.
We at VOICE1 understand that the current pandemic is stressing everyone’s resources, and time. And it is in these situations where mistakes can be easily made, important security precautions may be overlooked.
Practicing Safety
Please check the CDC for facts and preventative measures. https://www.cdc.gov/coronavirus/2019-ncov/prepare/prevention.html
| Getting additional help |
Don’t Stress! VOICE1 is here to help you get issues resolved.
All current VOICE1 clients with active support agreements, feel free to contact us to schedule setting up your remote workers.
If you are not a current client, and just need some assistance setting up teleworkers, give us a call 1-855.252.8788. For a limited time we are extending a 50% discount on support services. T help businesses prepare their staff for working
Ben has been building VoIP solutions for over 15 years, has over 25 years of Linux administration experience, and enjoys problem-solving. When he is not coding something in Python, or tinkering with some project, you can often find him wandering through the forests and parks of the Pacific Northwest enjoying waterfalls, trails, and animals.
Pingback:How to Setup Duck DNS on Windows to Allow Remote Workers | VOICE1 LLC - 1.855.252.8788