• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 627
  • Last Modified:

Switchvox - Does it have a firewall?


  One of my clients has been looking into Switchvox, for use with SIP.  Because some phones would be connecting across the WAN, I would like to put the Switchvox on a public static address.  From what I am being told, there is no way for me to access the firewall functions of the underlying Linux distro.  

Is there a way for me to close and open ports on the nic of the Switchvox?  I would like to only open the standard 5060 ; 10000-2000 ; and possibly a couple non standard ports, but keep everything else closed.

I find it hard to believe that there is no way to do this, which forces you to put the device behind a NAT, which SIP does not work well with.  Seems very illogical.
2 Solutions
nociSoftware EngineerCommented:
well have you tried with nmap if there are any other ports open?

If no one is listening on another port then the attack surface doesn't change, firewall or not.
Here's a post which does describe a way to get to the root console on the system, but it's really designed to be an appliance with all configuration via the web interface.


If you find that you're unable to do this with switchvox, the AstLinux project has a nice setup with full firewall and several vpn options.  It would be preferable to set up Snom phones which have OpenVPN capabilities to having open sip ports.

http://www.astlinux.org  We include the Asterisk-gui (2.0) as well as a basic web interface to access firewall and other system settings.  We're close to our next release so I would suggest getting on the mailing list before installing the available install files from the Sourceforge site.
jkocklerAuthor Commented:
Does AstLinux have a dialer option?  If so, is there a way to run the dialer with allowguest=no ?
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

AstLinux is very basic compared to Switchvox.  You would need to use a 3rd party application that can interface with a generic Asterisk install.  There are several out there.  Switchvox is a very nice packaged system.  Astlinux is designed to be used by someone who needs and wants more under the hood control.  It's not for everyone, but if you are willing to dig under the hood and learn some of the underlying components, it should serve you well.  It's also designed to run on embedded type hardware making it less prone to hardware failure.
jkocklerAuthor Commented:
cool.  Normally I just run straight asterisk, but the switchvox was something a client of mine purchased and wants me to support.  Fine with me!  lol ...
I have your answer. We've deployed many switchvoxes.>  From what I am being told, there is no way for me to access the firewall functions of the underlying Linux distro.  That is 100% correct. There is no shell access and no access from the GUI. >FirewallThe distro is hardened and does not list have any extraneous services running on ports that would make it susceptible to attack from the outside. You can drop it on a public IP address with no worries.

Featured Post

[Video] Create a Disruption-Free Workspace

Open offices have their challenges. And Sometimes, it's even hard to work at work. It's time to reclaim your office and create a disruption-free workspace. With the MB 660, you can:

-Increase Concentration
-Improve well-being
-Boost Productivity

Tackle projects and never again get stuck behind a technical roadblock.
Join Now