Dynamic Good Guy Firewall or VICIDIAL Integrated Firewall

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Dynamic Good Guy Firewall or VICIDIAL Integrated Firewall

Postby davesdatasystems » Sat Jul 13, 2019 4:12 pm

I know i am going to catch a little flack for this (so please have mercy) There is really nowhere to ask this. As i know Dynamic Good Guy Firewall is not really part of VICIDial support.

So here is my few questions on it. I will be installing it on the system listed below in my signature (yes, finally added it). But i needed to know if there is any changes i need to do for 8.1.2.

My other question is


Continues with apache configuration

Next we have the apache configuration:

Enter FQDN or IP - whichever is used in URL - of this server for apache configuration:
Enter the FQDN or IP


where would i put this, i would be using a URL. I just want to be sure.


Image

another thing, on this picture above, would this be correct, or do i need to assign the zones directly to eth0 (yes, i have confirmed that eth0 is what the system is using. DGG wiki page said this had to be done, and really dont want to screw this part up as well.



Ok, i will now brace myself for the "This is not DGG support forums."

But thanks for any help

--------------------------------------------------------------------------------------------------------------

Option 2

I have been aware of the vicidial integrated firewall as well, But i have not seen a clear place where it tells how to enable it, step by step. I always get nervous about doing something like this, so i like to ask questions first. I access my system almost completely remotely. SO i would love to be able to do the white list method that is similar to DGG. Before i do either, i want to have the right info, so i dont even up getting locked out of the system.
VICIBOX V10 installed via USB
VERSION: 2.14b0.5
BUILD: 220831-0850
Asterisk 13.38.2-vici
SVN: 3641 (at time of this signature edit)
Custom PC
No Extra Software After Installation
davesdatasystems
 
Posts: 132
Joined: Thu Aug 25, 2011 11:39 am

Re: Dynamic Good Guy Firewall or VICIDIAL Integrated Firewal

Postby williamconley » Mon Jul 15, 2019 9:42 pm

Good job posting your specs. 8-)

The FQDN requested should be your Public IP or Domain Name. The one you will be using to access your system externally.

The ONLY "Interface" that should be "Internal Zone" is the one with your local IP address and ONLY if there is a public interface with all your internet segregated from your local traffic. Everything else should be assigned "External". If you only have one interface on the server, and it's a local IP that gets internet through a router, it should still be External. Note that "External" is protected. Internal is NOT protected. Not being protected is fine if the only traffic on that network is ... other servers and local agents. They are supposed to have access. (thus "Internal" for your "local" 192.168.x.x IP address is good, as long as there will be no public internet traffic on this interface.)

If you have remote access only, don't close port 22 until you have confirmed that turning OFF and ON a specific IP address turns OFF and ON other access for that IP address. EG: If you turn ON an IP (by adding it to the firewall directly or to the authorized IPs list of DGG) and that IP address now has access to the web pages (using curl from the CLI or a web browser at a workstation), then you need to confirm that removing that IP address will remove access. Switch back and forth a couple times. Turn it on/off. Verify Loss/Gain of access on port 80 as a result of adding removing the IP. At some point you should be comfortable enough to know that this will also apply to port 22. 8-) (and you can close it).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guy Firewall or VICIDIAL Integrated Firewal

Postby davesdatasystems » Tue Jul 16, 2019 8:41 am

Thanks William for the help. The big question i had about the Apache setup, is that external ip something you just type into the browser to get the links or into the CLI, i am guessing the browser, but i want to make 180% sure before i table this.


Rest assured as well, i do have access to the Dialer. It just sits on its own ISP, and there is 2 ISPs going to the office. So i will be doing it "remotely" but i can (and might anyway for safety) run a network cable to the Dialer.
VICIBOX V10 installed via USB
VERSION: 2.14b0.5
BUILD: 220831-0850
Asterisk 13.38.2-vici
SVN: 3641 (at time of this signature edit)
Custom PC
No Extra Software After Installation
davesdatasystems
 
Posts: 132
Joined: Thu Aug 25, 2011 11:39 am

Re: Dynamic Good Guy Firewall or VICIDIAL Integrated Firewal

Postby williamconley » Tue Jul 16, 2019 9:54 am

davesdatasystems wrote: is that external ip something you just type into the browser to get the links or into the CLI

You seem to be conflating some functions here. An external IP or domain is required in that stage of the installation. In that stage of the installation, you are in the CLI performing an installation. Not in a browser. The result is a combination of links and CLI commands with instructions on when to use each. If the line contains "http://" it is a web link. There are two, each for its own purpose. There are also command line instructions for altering the link (which are often ignored, but they are there to allow easy changing of the link you will provide to the agents, which can be problematic if you rotate agents regularly, so having new links regularly is more secure).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: Dynamic Good Guy Firewall or VICIDIAL Integrated Firewal

Postby thephaseusa » Tue Jul 16, 2019 9:12 pm

This thread covers the new firewall for vicibox 8
viewtopic.php?f=8&t=38741

This thread covers the dynamic portal add on for vicibox 8 (similar to DGG in that you can log in to the portal and it allows the user’s IP address through the firewall)
viewtopic.php?f=8&t=38801

The new vicidial firewall system was inspired by DGG (I think) and does the same things. Maybe a little more complicated but I think worth learning.
thephaseusa
 
Posts: 345
Joined: Tue May 16, 2017 2:23 pm


Return to Support

Who is online

Users browsing this forum: Majestic-12 [Bot] and 41 guests