On Tue, Oct 26, 2010 at 12:31 PM, Jonas Kellens <[email protected]> wrote: > Hello, > > has anyone experience with auto provisioning IP-phones on different > locations through a central public provisioning server ? You use http or > https ? > > Is there a danger that one uses a different MAC-address in the provisioning > link to obtain SIP username / password settings ? > > > Kind regards, > Jonas. > -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andrew Latham Sent: Tuesday, October 26, 2010 10:41 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [asterisk-users] Auto provisioning from public server
You can provision over a WAN and access-lists or iptables can limit the networks allowed. Define what level of security you need first. For further security you can use an inbound proxy and check the http headers for agent identification. This can also be faked. Practice layers of security... ~ Andrew "lathama" Latham [email protected] To second Andrew's reply - Auto-provisioning is "generally" done in a TFTP/HTTP environment. So you will want to set up a "layered-vlan" environment using IPTABLES or whatever so you can "poke freely with constraints". The "phone" is dumb, so your network needs to be "smart"... -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
