Security
The Security tab contains settings to protect an extension. Here you configure SIP security options, call restrictions, outbound route permissions, and login security.
Access the Security Tab
- Log in to the Cloud PBX administration portal.
- Navigate to Extension and Trunk > Extension.
- Click the edit icon next to the desired extension.
- Select the Security tab.
SIP Security
Configure the SIP registration security for this extension:
SIP User Agent Identification
| Option | Description |
|---|---|
| Enable User Agent Registration Authorization | When enabled, the PBX checks the User-Agent header of the endpoint during SIP registration. Only devices with an approved user agent can register. This prevents unauthorized SIP clients from registering. |
SIP Registration IP Restriction
| Option | Description |
|---|---|
| Enable IP Restriction | When enabled, the extension can only register from specific IP addresses or IP ranges. After enabling, enter the permitted IP addresses. |
Call Restrictions
Restrict outbound calls for this extension:
| Option | Description |
|---|---|
| Disable Outbound Calls | When enabled, the extension cannot make any outbound calls. |
| Disable Outbound Calls Outside Business Hours | When enabled, the extension cannot make outbound calls outside the configured business hours. |
| Disallow International Calls | When enabled, outbound international calls are blocked for this extension. |
| Outbound Call Frequency Restriction | Select a rule to limit call frequency. This restricts how many outbound calls the extension can make within a given time period. |
| Max Outbound Call Duration (s) * | The maximum duration of an outbound call in seconds. [Follow System] uses the system-wide setting. |
Outbound Route Permission
Define which outbound routes (trunks) this extension is allowed to use:
Use the dual list to move routes between Available and Selected. Only the selected routes are available to the extension for outbound calls. Use the arrow buttons on the right to change the priority of the selected routes.
Login Security
Configure additional security options for user login:
| Option | Description |
|---|---|
| Two-Factor Authentication | When enabled, the user must provide a second factor in addition to the password when logging in (e.g., a code from an authenticator app). This setting can only be enabled by an administrator when 2FA is configured system-wide. |
| User must change password periodically | When enabled, the user is prompted to change their password at regular intervals. |
Important Notes
- IP Restriction: Use this feature with caution. If the user's IP address changes (e.g., when working from home or on mobile), they will be unable to register until the new IP address is added.
- International Calls: Blocking international calls is an effective measure against toll fraud. Enable this option for extensions that do not need to make international calls.
- Outbound Routes: By default, an extension has access to all available outbound routes. Restrict the permission to control which trunks the extension can use for outbound calls.
- Two-Factor Authentication: 2FA must first be configured system-wide under Security > Security Settings before it can be enabled per extension.
- Call Frequency: Call frequency restriction rules help detect unusual calling behavior and prevent automated calls.
Comments
0 comments
Article is closed for comments.