🇬🇧
Omnileads Docs
ComunidadForo
English
English
  • 👶Introduction to OMniLeads
    • OMniLeads General Specs
    • Architecture and components
  • 🚀OMniLeads installation methods
    • Deploy using Docker
      • Deploy with Docker-Destkop
      • Deploy with Docker for VPS Cloud or VM
      • Deploy with Docker for VPS Cloud or VM with External Bucket
    • Deploy with Ansible
      • AIO (All-In-One) Deploy
      • AIT (All-In-Three) Deploy
      • HA (High Availability) Deploy
      • Backups, Restores, Upgrades and Rollbacks
      • Migration from CentOS7
    • OMniLeads Enterprise
    • Development Enviroment Deploy
    • First Login
    • TLS/SSL Certificates
    • Monitoring and observability
    • Security considerations
  • ⚙️Initial Configuration
    • External Authentication
    • Text To Speech (TTS)
  • 🎯CX Survey (Pro)
    • Reports
  • 📈Premium Reports (Pro)
    • Activity Reports
    • Analyzing Results
  • 🎞️Video Calls (Pro)
    • Wordpress Plugin
    • Initial Configuration
    • Webphone Demo
    • Embedding the Webphone
  • ☎️Voice Channel Configuration
    • General SIP trunk parameters
  • 🆗Whatsapp Channel Settings (Pro)
    • OMniLeads & GupShup
    • Register WhatsApp Business in GupShup
    • Message Templates and Time Groups
    • Providers
    • Lines
  • 🚧Wallboard for Business (Pro)
    • Creating a Wallboard
    • Adding Widgets and Realtime Pages
    • Exploring Widgets and Metrics
  • 📤Whatsapp Bulk Messaging (Pro)
  • 💬Contact Campaigns
    • Inbound Campaign
      • Incoming Call Routing
      • Forwarding incoming calls from the PBX
      • Time range conditioned routing
      • IVR - Interactive Voice Response
      • Incoming Caller ID
      • Ejecución de dialplan personalizado
    • Manual Campaign
    • Preview Campaign
    • Dialer Campaing
    • Whatsapp Campaign (Beta)
  • 🎧Agent handbook
    • Login Logout
    • Manual calls from contact list
    • Preview Calls
    • Dialer inbound calls
    • Inbound calls
    • Calls between agents
    • Contact List
    • Whatsapp Messages
  • 🛑Reports, recordings and monitoring
    • Recordings
    • Incoming Campaign Reports
    • Outbound Campaign Reports
    • General call report
    • Agent reports
    • Whatsapp reports (Beta)
    • Conversation Reports
    • Supervision
  • 📊Backoffice - Management audit
  • ☎️Integration between OMniLeads and PBXs
  • 🛠️IT administrator's tasks
  • 🧩CRM Integration
    • Interaction from OMniLeads to CRM
    • Interaction from CRM to OMniLeads
  • 🔐Security considerations
  • 📌OMniLeads RESTful API
    • Agent Session API in Asterisk
  • 🗒️Release Notes
  • ❤️Community
  • 🎇About us
Con tecnología de GitBook
En esta página

Security considerations

AnteriorInteraction from CRM to OMniLeadsSiguienteOMniLeads RESTful API

Última actualización hace 11 meses

Security Considerations

OMniLeads is a web application, designed to operate under the protection of at least one perimeter firewall or cloud firewall in a cloud computing environment.

Ideally, it is recommended to deploy OMniLeads together with an HTTP Proxy or Cloud Load Balancer for HTTPS requests and a Session Border Controller for VoIP edge management.

This greatly strengthens the security of your deployment. Considering the scenario where users will access the application both from the local network and from the Internet, the following list of ports must be exposed to the outside:

  • UDP 5060: SIP traffic coming from the PSTN. Must be validated by source IP (src: SIP Provider).

  • UDP 40000 a 50000: RTP/UDP traffic coming from the PSTN. Must be validated by source IP (src: SIP Provider).

  • UDP 20000 a 30000: WebRTC traffic coming from users. In this case, users are assumed to be in home-office mode, so it is left open to the Internet (src: 0.0.0.0).

  • HTTPS 443: Web and WebRTC traffic from users. In this case, users are assumed to be in home-office mode, so it is left open to the Internet (src: 0.0.0.0).

  • TCP 9090: TCP traffic coming from the Prometheus component of the Observability Stack (src: Observability Stack).

All in One type deployment:

Cluster deployment on a cloud-computing scheme:

Important!

In case you need to expose VoIP ports to the ENTIRE Internet, it is recommended to manage VoIP security using a Session Border Controller or an Asterisk or Freeswitch configured as a SIP border component, so that OMniLeads is not exposed to all IP addresses. At the very least, you will start receiving SIP junk from multiple sources.

🔐