Note: Mobile Softphone Coming Soon!
Switchvox Public IP: 188.8.131.52
Switchvox Private IP: 192.168.1.5
SBC Public IP: 184.108.40.206
SBC Private IP #1: 192.168.1.11 (Connection to Remote Phones - Public IP Ports Forwarded to this IP)
SBC Private IP #2: 192.168.1.10 (Connection to Switchvox)
Ensure the following ports are open or forwarded to the public IP of the SBC and Switchvox.
SBC Public IP Ports
- 5060 UDP
- 10,000 to 20,000 UDP
Switchvox Public IP Ports
- 80 / 443 TCP
IMPORTANT: SBC FIRMWARE VERSION 2.3.27 IS REQUIRED FOR SWITCHVOX REMOTE CLIENT SUPPORT.
1) Go to Configuration → Routing → SIP Message Routing and create a new rule called External_swvx. Then download External_swvx.xml and copy and paste the contents into the webUI as shown below, and then save the changes.
2) Create another new rule called Internal_swvx. Then download Internal_swvx.xml and copy and paste the contents into the webUI as shown below, and then save the changes.
3) Go to Configuration → Routing → Call Routing and create a new Advanced rule (not a Basic rule). Then download advanced_external_to_swvx.xml and copy and paste the contents into the webUI as shown below, and then save the changes.
4) Go to Configuration → Routing → Call Routing and create another new Advanced rule (not a Basic rule). Then download advanced_swvx_to_external.xml and copy and paste the contents into the webUI as shown below.
Ensure you change "220.127.116.11" to the Public IP of your Switchvox (not SBC). Once done save changes.
5) Go to Configuration → IP Settings → Access Control Lists and create a new ACL called Switchvox. Set the default policy to Deny. Add the Switchvox IP as a ACL node as shown below. Ensure the policy is Allow and the prefix is 32 as shown below. Replace 192.168.1.5 with the private IP of your Switchvox.
6) Go to Configuration → Signalling → SIP Profiles and add a SIP Profile called External_swvx (ensure the E is capital, as this is case sensitive). Select the private IP that the public IP ports are forwarded to. In this example 18.104.22.168 is forwarded to 192.168.1.11. Then put the public IP of the SBC in External SIP IP Address and External RTP IP Address as shown below. Then ensure SIP Trace is enabled.
7) Next in the Authentication section disable Authenticate Calls. Then set the Network Validation ACL to IP Address as shown below.
8) In the NAT Traversal section set the options exactly as shown below. These fix all the problems NAT can cause. Since the remote D series phone can be behind any router, its important these are all enabled as shown below.
9) In Session Routing set the routing plan as shown below. As well as SIP Message Routing has to be enabled, and External_swvx needs to be set. The last step is to check off the MESSAGE sip relay allow methods. Once done save the SIP profile.
10) Create a second SIP profile called Internal_swvx as shown below. Selecting the private IP, enabling SIP trace and enabling Strict Security.
11) In the Authentication section Disable Authenticate Calls. Then move the Switchvox ACL over to the Used box for both Inbound calls, and Registrations.
12) In Session Routing set the routing plan as shown below. As well as SIP Message Routing has to be enabled, and Internal_swvx needs to be set. The last step is to check off the MESSAGE sip relay allow methods. Once done save the SIP profile.
13) Next go to Configuration → Signalling → SIP Trunks and create a new trunk called swvx_trunk (ensure its all lower case, as this is required). Set the Domain to the IP of the Switchvox, and then ensure the SIP Profile is set to Internal_swvx. Once done save the SIP trunk.
14) Next go to Configuration → Signalling → Domains and create a new domain. The Domain will be the public IP of the Switchvox (Not SBC). Put the Domain into the Display Name as shown below. Then enable forward registration. Set the forward SIP profile to Internal_swvx. Then move swvx_trunk over to the used box as shown below. Then save once done.
15) Now that the domain is made, go to Configuration → Signalling → SIP Profiles → External_swvx and click the Bind button. A popup will come up, simply select the domain made in the last step.
16) To configure the Intrusion Detection or IDS simply go to Configuration → Security → Intrusion Detection and select the following 4 rule groups as shown below. We will be isolating the webUI from the internet, so there is no need for the other rules. Once done click the update button at the bottom to save changes.
17) Next go to Configuration → Security → SIP Firewall and edit the default rule Fail_Call_Block. This rule will block any IP that fails 10 times over a 30 minute period. By default the rule only blocks for 60 minutes, but it is best to change this to forever. To do this change the Action Parameter to 0 as shown below.
This rule can be adjusted if you find there is too many users being blocked by this. Also note if you have multiple phones a remote site, the block can take down the whole site. To avoid this, put any known remote site IPs in the "Source IP White List Filter", and separate the IPs by commas if there is more than 1.
18) Next we need to do the same rule as the previous step, but this time for Registrations. Just as mentioned in the previous step you can white list IPs of known remote sites. Once done save to complete the SIP Firewall setup.
19) If you do have an IP blocked by the IDS you can go to Overview → Security → Intrusion Detection Status to see if its blocked. It will be shown at the bottom there, and you will have the ability to unblock the IP. You can also add known IPs to the Exempt list so the IDS doesn't block them. Keep in mind, the Exempt list for the IDS is different then the White list for the SIP firewall as mentioned in Step #17. You should put known remote site IPs in both locations.
20) If the IP isn't blocked by the IDS, then it can be blocked by the SIP Firewall configured in steps #17/18. If the IP is blocked you will see it in the list as shown below. You can unblock the IP by pressing the unblock button.
21) Last step to security is configuring both the webUI and SSH to only listen on the internal network. To do this go to System → Server → Web and set the Network Interface to the private network, then save changes.
22) Go to System → Server → Secure Shell to do the same for SSH. Setting the Network Interface to the private IP.
23) The SBC at this point is completely configured. Ensure you apply changes and start the SBC. Once the SBC starts take a backup as shown at https://wiki.sangoma.com/display/SBC/Backup+and+Restore, and then follow the next section to configure the Switchvox.
1) Go to Server → Networking → IP Configuration Enable Allow Nat Port Forwarding, and click the blue "Look up External IP" button, then click Insert IP Address to set the correct External IP Address as shown below.
Note: Saving the IP Configuration page will restart the software and drop all active calls.
2) Go to Server → Networking → Access Control Rules and disable everything for All Networks except enable User API as shown below. If you have remote networks that need to access extension or admin log in, and do not have a separate Access Control Rule for those networks, you must also enable Web User Portal and Web Admin Portal. Then add a new network for the SBC's Private IP with the /32 as shown below. Then enable only Never Block IPs and SIP, everything else should be disabled as shown below.
3) Go to Server → Networking → Phone Networks and edit the All Networks because remote phones can come from any remote IP address. Enable Direct Port Access, then set the Outbound proxy to the public IP of the SBC. Then set the Host Address to the public IP of the Switchvox as shown below.
4) To setup the Digium Config Server go to Setup → Phones → Digium Phones and then click on the Desk Phone Assignment Options button. Then assign a Assignment Code. This is the code you will need to enter into your D series phone to configure it.
5) Next create the First Extension by going to Setup → Extensions → Manage and then click Create Extension. On the next page select SIP Phone or SIP Adapter as shown below.
6) Next fill out the extension number, name and all other info required as shown below.
7) All configuration is now completed. You are ready to point your D series phone to the SBC's public IP. In this example the IP is 22.214.171.124. Then enter the assignment pin to configure the phone.
8) If there is any issues support will need the info up at https://wiki.sangoma.com/display/SBC/How+To+Capture+Logs when reporting an issue related to the SBC.
Mobile Softphone - Additional Steps
Note: Mobile Softphone Coming Soon! Its currently with our engineering/QA team. The steps below do not work in all scenarios.
After completely the above steps, you will need to do the following steps when deploying the mobile app for IOS/Android.
Note: These steps do not apply for the desktop app. At this time, the desktop app has to connect directly to Switchvox.
1) To enable the mobile app on a particular extension you will need to add a mobile extension. To do this go to Setup → Extensions → Manage and then find the main extension. Then click the manage phones button for the extension.
2) On the next page click the Create Phone button.
3) Select a new extension number for the mobile. Here we have chosen 600. It is best to pick a pattern such as adding 100 to the original extension if this is possible. This way its easy for everyone to know what their mobile extension is. Ensure you select the Phone as "Switchvox Mobile Softphone" so Switchvox knows you want this to be a mobile extension for IOS/Android. Once done save the changes.
4) Have the user download the IOS/Android app on their phone. The app is called Switchvox Softphone as shown below.
5) Next have the user log into their account at https://<switchvox IP>/main . Once the user logs in they should see the QR icon as shown below. Click on the icon to see the QR code, and then scan this with the app. If the QR code doesn't scan, please follow the steps at https://support.digium.com/community/s/article/How-do-I-get-the-QR-code-for-the-Switchvox-Softphone-for-iPhone to enable QR code scanning. Once the code is scanned, the app will login and register via the SBC to Switchvox.
Note: If the QR code icon isn't displayed, please go to Step 6 below.
6) If the QR was found in step 5, then skip this step. If the QR icon was not found for the particular user log into Switchvox as an Admin. Then go to Setup → Phones → Digium Phones and then go to the Mobile Soft phones tab. Find the mobile extension and press the Refresh button as shown below. This will regenerate a new QR code for the extension. Repeat step 5 above at this point. Ensure you have the user logout, and then log back in to repeat the step.
7) Once the QR code is scanned and the app logs in, then you can go to Server - Diagnostics → Connection Status and select the SIP Phones tab. Below we can see extension 600 is Registered, and the user agent shows that the device is an IOS soft phone.
8) Now the user will need to configure Call Rules to send calls to the mobile device. To do this have the user go to Features → Call Rules and then click Create Call Rule Set.
9) Name the rule, and set the time frame when the rule is used. In this example the rule will ring all extensions (Desk Phone and Mobile Phone) any time of the day.
10) Next press Create Action to make an action to ring all extensions.
11) Select the Ring All option.
12) Set the type of call to All Calls, so any call to the extension will use the rule. Then select both the Desk Phone extension (500) and the Mobile (600) extension as shown below. Next select Immediately as shown below so the rule is used right away, then save the action.
13) The result will be as shown below, this will ring both extensions right away. You can use time conditions and other more advanced features so your mobile app isn't called every time. This is a simple example showing how to ring the mobile app.
14) If there is any issues support will need the info up at https://wiki.sangoma.com/display/SBC/How+To+Capture+Logs when reporting an issue related to the SBC.