How do I secure my device network access?
Whether you’re a school that doesn't want devices to be used off-campus, a company with a lot of mobile users who need to change networks frequently without being hindered, or an enterprise with advanced security requirements, you can set up the specific boundaries that you want your devices to function within.
We highly recommend you do not change the default permissions (PROV and ADMIN only) for 0.0.0.0/0. Adding REG permissions to this IP address will defeat the purpose of the network access feature, as it would allow any user to connect from a network, regardless of whether that IP address is trusted or not. If these permissions are removed, then IP addresses will not be authorized during the provisioning process and admins will only be able to access the portal from the specific networks listed. Organizations who opt to change this default are liable for any security breaches or fraudulent activity that may occur as a result.
Disable Automatic Network Authorization
- Sign in at https://my.jive.com/pbx.
- From , disable Automatically authorize network with provisioning and Allow non-admins to authorize own network.
- Sign in to GoTo Admin.
- Select Save.
Authorize networks
- Sign in at https://my.jive.com/pbx.
- From Network Access, click Add Network Access Permission.
- Enter the IP address or the CIDR (if adding an IP range) in the Network field. For the CIDR, be sure to format the network to include the subnet mask. For example, 99.88.77.66/24 where /24 is the subnet mask.
- Select the type(s) of Access the network should have:
Option Description REG — Recommended Device Registration — Allows calls to be made and received using this network. PROV — Recommended Device Provisioning — Allows devices to provision using this network (i.e., access configuration files from GoTo's servers). MEDIA Media Release — When both endpoints in a call are on networks that have the Media permissions, the Media (RTP) will connect directly, without routing through GoTo. Warning:- MEDIA should only be enabled with GoTo’s assistance. If set up incorrectly, your phones could be down for up to 24 hours after it’s corrected.
- MEDIA should never be enabled for the 0.0.0.0/0 network.
ADMIN Portal Administration — Allows system admins to make changes to the system using this network. If you authorize 0.0.0.0/0, administrators can access the system from any network. - Optional: Enter an Expiration date and/or a Comment to help identify the network.
- Select the checkmark icon.
Deauthorize networks
- Sign in at https://my.jive.com/pbx.
- From Network Access, select the pencil icon next to the 0.0.0.0/0 network.
- Disable all access permissions, but leave ADMIN enabled if you would like to allow admins to access the admin portal from any network.
- Select the trash can icon for the network you would like to deauthorize and then select Delete to confirm this action.
Edit networks
- Sign in at https://my.jive.com/pbx.
- From Network Access, select the pencil icon next to the network you want to edit.
- Make the desired changes.
- Select the checkmark icon.