# Security considerations

OMniLeads is an application that combines Web (HTTPS), WebRTC (WSS and SRTP), and VoIP (SIP and RTP) technologies. This adds a certain complexity when deploying it in production in an Internet-exposed scenario.

<figure><img src="/files/2Fwov2JfRBizWFMnVwjq" alt=""><figcaption></figcaption></figure>

On the Web side, the ideal setup is a Reverse Proxy or Load Balancer in front of OMniLeads: it is the component exposed to the Internet (TCP 443), and it forwards requests to the Nginx of the OMniLeads stack.

On the VoIP side, when connected to the PSTN through VoIP, it is ideal to operate behind a Session Border Controller (SBC) exposed to the Internet.

However, when operating on a VPS exposed to the Internet, we can make intelligent use of **Cloud Firewall** technology. Below are the firewall rules that will be applied to the All In One instance:

* 443/TCP Nginx: This is where Web/WebRTC requests are processed by Nginx. Port 443 can be opened to the entire Internet.
* 20000-30000/UDP WebRTC SRTP RTPengine: This port range can be opened to the entire Internet.
* 5060/UDP Asterisk: This is where SIP requests for incoming calls from the ITSP are processed. This port should be opened, restricted to the source IP(s) of the PSTN SIP termination provider(s).
* 40000-50000/UDP VoIP RTP Asterisk: This port range should be opened, restricted to the source IPs of the PSTN SIP termination providers.
* 9090/TCP Prometheus (optional, only if you are monitoring with Grafana and Prometheus): This is where connections from the monitoring center, specifically from Prometheus Master, are processed. This port can be opened by restricting the source to the monitoring center's IP.
* 3100/TCP Loki (optional, only if you are centralizing container logs with Grafana and Loki): This is where connections from the monitoring center, specifically Grafana, are processed. This port can be opened by restricting it to the IP of the monitoring center.
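
The rule list above can be turned into an automated check. The following is an added example, not part of the OMniLeads project: it audits a set of inbound allow rules exported from a cloud firewall against the documented policy. The rule tuple format and the sample addresses (documentation ranges standing in for the ITSP and the monitoring center) are assumptions.

```python
import ipaddress

# Policy from the list above: (proto, first_port, last_port, may_be_open_to_internet)
POLICY = [
    ("tcp", 443, 443, True),        # Nginx: Web/WebRTC
    ("udp", 20000, 30000, True),    # RTPengine: WebRTC SRTP
    ("udp", 5060, 5060, False),     # Asterisk SIP: ITSP source IPs only
    ("udp", 40000, 50000, False),   # Asterisk RTP: ITSP source IPs only
    ("tcp", 9090, 9090, False),     # Prometheus: monitoring center only
    ("tcp", 3100, 3100, False),     # Loki: monitoring center only
]

def audit(rules):
    """Check inbound allow rules (proto, 'port' or 'lo-hi', source CIDR) against POLICY."""
    findings = []
    for proto, ports, source in rules:
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
        # A /0 prefix (IPv4 or IPv6) means the rule admits the whole Internet.
        world = ipaddress.ip_network(source, strict=False).prefixlen == 0
        # The rule must fit entirely inside one documented port or range.
        covered = [p for p in POLICY
                   if p[0] == proto.lower() and p[1] <= lo and hi <= p[2]]
        if not covered:
            findings.append(f"{proto}/{ports} from {source}: outside or wider than the documented ports")
        elif world and not covered[0][3]:
            findings.append(f"{proto}/{ports} from {source}: must be restricted by source IP")
    return findings

# Constructed sample rule sets: 198.51.100.10 stands in for the ITSP,
# 203.0.113.5 for the monitoring center.
GOOD_RULES = [
    ("tcp", "443", "0.0.0.0/0"),
    ("udp", "20000-30000", "0.0.0.0/0"),
    ("udp", "5060", "198.51.100.10/32"),
    ("udp", "40000-50000", "198.51.100.10/32"),
    ("tcp", "9090", "203.0.113.5/32"),
]
BAD_RULES = [
    ("udp", "5060", "0.0.0.0/0"),              # SIP open to everyone
    ("udp", "5000-6000", "198.51.100.10/32"),  # wider than the documented port
    ("tcp", "3100", "::/0"),                   # Loki open to everyone over IPv6
]

if __name__ == "__main__":
    for finding in audit(BAD_RULES):
        print(finding)
```

The check only confirms that restricted ports are not open to everyone; whether the allowed source really is the provider's or monitoring center's address still has to be verified against their published IPs.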

