When a MiVoice Border Gateway (MBG) is being used on the telephone system for remote client and/or teleworker connections, there are certain configurations that must be implemented in order to allow Phone Manager Desktop, Phone Manager Mobile, Phone Manager Softphone and/or 69xx Teleworker connections to pass through it.
This section is not designed as an MBG technical guide but as a indication of areas that need to be configured. For more information on the MBG configuration, please refer to the relevant MBG manuals.
MiVoice Border Gateway Requirements
To use MiVoice Office Application Suite with a MiVoice Border Gateway (MBG) for remote connections, the MBG must be running v10 or higher and be configured in Gateway mode.
(All the above are 'one off' configuration items unless the infrastructure changes)
Stage 1 - Configure MBG IP details in MiVoice Office Application Suite
For the MCS to be able to support teleworker SIP extensions (either Phone Manager Desktop Softphones or 69xx phones), it needs to know two pieces of information:
- The internal IP Address of the MBG
- The external IP Address of the MBG
The internal IP address of the MBG needs to be known for two reasons. The first is so that the MCS can identify which 69xx phones it receives requests from are actually Teleworkers. The second is so that it knows how to communicate with the MBG's API for SIP User deployment.
The external IP address of the MBG needs to be known so that it can be passed to Phone Manager Desktop and 69xx phones when they are registering their SIP connections.
Configure the MCS with the MBG's Internal IP Address:
- 'Configuration -> Site Settings -> Phone Systems -> MiVoice Border Gateway', enter the internal IP address of the MBG
Configure the MCS with the MBG's External IP Address for each Node:
- 'Configuration -> Site Settings -> Phone Systems -> [Your PBX Name]', enter the external IP address of the MBG into the NAT IP Address property for each node. If the external registration port for SIP has been changed on the MBG, update the NAT SIP Port as well.
Configure the MCS with the MBG's External IP Address for Remote Client Connections:
- 'Configuration -> Site Settings -> Client Locations -> Remote', enter the external IP address of the MBG into the 'NAT IP Address/Fll Hostname' property. This will be used to provide the remote 69xx phones with the URIs they need to communicate with the MCS server for firmware/softkeys etc.
Once the MCS has the information above, it will be able to identify teleworker 69xx phones and will be able to pass them the information required to connect to the MBG.
The External IP Address entered into the remote section of the
Client Locations will also be used by Phone Manager when connecting to the MCS Server.
Stage 2 - Configure Port Forwarding on MBG
There are various ports that are used by the different client elements of MiVoice Office Application Suite. Please review the port forwarding section for the client that requires remote access.
Phone Manager Desktop Port Forwarding on MBG
Phone Manager Desktop uses the following TCP/UDP ports to communicate back to the MCS:
Port |
Target |
Description |
TCP 8187 & 8186 |
MiVO App Suite Server |
Used to communicate to the MCS server to provide configuration, user data, chat etc. |
TCP 8188 |
MiVO App Suite Server |
Integration Services, only required if client access to the server-side API is required |
TCP 2001 |
MiVO App Suite Server |
Used to provide telephony status and real-time data. |
TCP 8200 & 8204 |
MiVO App Suite Server |
Used to provide real-time updates to the Personal Wallboard. Only required if the Personal Wallboard is in use. |
For Phone Manager Desktop to be able to connect back to the MCS, these ports must be forwarded through the MBG to the server running the MCS.
Configuring Port Forwarding for Phone Manager Desktop
To forward the required Phone Manager Desktop ports, complete the following configuration on the MBG:
- On the 'MBG Security -> Port Forwarding' page, create the following port forwarding rules with the Destination Host IP Address pointing to the IP address of the MCS server:
SNAT must be enabled on all the port forwarding rules added.
Do not Port Forward port 5060. If the Phone Manager Desktop Softphone is being used, follow the
Teleworker guide on SIP User configuration.
For more information on configuring Phone Manager Desktop Softphone as an MBG Teleworker, please refer to the
MBG Teleworker section.
Phone Manager Desktop Configuration
To connect a the Phone Manager Desktop remotely, open the 'Settings' page within Phone Manager and configure the following settings:
- General
- Default Location = Remote Connection
- Remote Connection
- Host Address = External IP Address of the MBG
- Override login details = true
- Username = MCS Username
- Password = MCS Password
- Extension details = User Preferred Method
The External IP Address of the MBG should be entered into the remote section of the
Client Locations setting on the MCS server.
Phone Manager Mobile Port Forwarding on MBG
Phone Manager Mobile uses the following TCP/UDP ports to operate:
Port |
Target |
Description |
TCP 8185 |
MiVO App Suite Server |
Used to communicate to the MCS server to provide configuration, user data, chat etc. |
TCP 8190* |
MiVO App Suite Server |
Softphone Audio |
* Only required when the Softphone is running. Phone Manager Mobile does note require Teleworker licenses or configuration on the MBG.
Configuring Port Forwarding for Phone Manager Mobile
Complete the following configuration on the MBG:
- On the 'MBG Security -> Port Forwarding' page, create the port forwarding rules for TCP 8185 with the Destination Host IP Address pointing to the IP address of the MCS host.
If using a Softphone then configure the following port forwarding:
- On the 'MBG Security -> Port Forwarding' page, create the port forwarding rules for TCP 8190 with the Destination Host IP Address pointing to the IP address of the MCS host.
SNAT must be enabled on all the port forwarding rules added.
For more information on configuring Remote Softphone connections, see here.
Phone Manager Mobile Configuration
No specific configuration is needed on the Phone Manager Mobile client software. Ensure local and remote addresses for the mobile client to connect to have been configured on the server in the Client Locations section.
A trusted certificate is also recommended for Phone Manager Mobile connections.
69xx Phone Port Forwarding on MBG
69xx phones use the following TCP port to communicate to the MCS server:
Port |
Target |
Description |
TCP 8202 |
MiVO App Suite Server |
Used to communicate to the MCS server to provide configuration, user data etc. |
The other ports associated with 6900 phones (LDAP, TFTP, Multicast, Syslog) should not be opened up through the MBG.
Configuration of the SIP devices associated with the 6900 is done automatically by the MiVoice Office Application Suite. Please refer to the
Automatic Teleworker Provisioning section for more information.
Configuring MBG Port Forwarding for 69xx Phones
Complete the following configuration on the MBG:
- On the 'MBG Security -> Port Forwarding' page, create the port forwarding rules for TCP 8202 with the Destination Host IP Address pointing to the IP address of the MCS host.
SNAT must be enabled on all the port forwarding rules added.
Stage 3 - Configure MBG ICP connection for PBX
To use 69xx or Phone Manager Desktop Softphone remotely through an MBG, a SIP User teleworker needs configuring on the MBG.
Add one or more Nodes as ICPs on the MBG:
- On the 'MiVoice Border Gateway -> Service configuration -> ICPs' page, create an ICP instance for each MiVO 250 node that will be supporting teleworker SIP phones.
Ensure the 'Hostname or IP Address' setting used for the ICP matches the IP Address configured for the Node on the MCS server.
Stage 4 - Configure API integration for automatic provisioning
Automatic Teleworker Provisioning
To simplify the deployment of SIP teleworker phones, the MCS can use an API on the MBG to automatically provision SIP Users for SIP extension. This provides the following benefits:
- The default random credentials created on the MiVO 250 for each SIP extension can be passed to the MBG automatically
- The MCS can use randomly generated set-side credentials for teleworker phones
- There is no need to re-type the authorization credentials into MCS and the MBG, removing a repetitive and time consuming task and reducing the risk of mistakes
- The engineer/administrator deploying the teleworker phone does not need to know the SIP authorization credentials at any stage
For automated provisioning to work end-to-end between the MiVO 250, MiVO App Suite and MBG, the MiVO 250 must be running at least 6.3 SP1 and any CT Gateway must be running at least 5.0.64.
Enabling the Rest API for Automatic Teleworker Deployment
For the MCS to be able to communicate with the MBG and deploy teleworker SIP Users, it requires some connection information as well as a valid API token from the MBG. This section documents how to configure the MBG to accept API requests and the steps involved in setting up the token exchange. To complete this process, access to the MBG website and the MCS configuration website are required.
Once the Rest API has been enabled on MCS and it has a valid token, the MCS server will take any SIP extension that has been configured with remote authorization credentials and provision it onto the MBG. Any existing credentials configured for SIP Users on the MBG will be overwritten with those configured on the MCS.
Step 1: Create a new web service consumer on the MBG:
- On the MBG 'Administration -> Web services' page, press 'Start' to enable web services then press 'Add a new consumer' and provide the following information:
- Active = Yes
- Name = MiVoice Office Application Suite
- ConsumerID = MiVOAppSuite
- Permissions:
- Base/managetoken = Read/Write
- MBG/v1/icps = Read
- MBG/v1/devices = Read/Write
- Make a note of the shared secret then save the new consumer.
Step 2: Complete the token request from MCS to MBG:
- On the MCS 'Configuration -> Site Settings -> Phone Systems -> MiVoice Border Gateway' page:
- Check the 'Enable Rest API' box.
- Press the 'Request Access Token' button to load the 'Request Access Token' form.
- Enter the Name, Consumer ID and Shared Secret to match those created on the MBG in step 1
- Press the 'Save & Test API Credentials' button to initiate a token request with the MBG server.
- On the MBG 'Administration -> Web services' page:
- Locate the 'Temporary tokens' section at the bottom of the page
- Press the 'approve' button against the temporary token request.
- Highlight and make a copy of the 'Verifier' code (you may need to refresh the page to see the temporary token)
- On the MCS 'Configuration -> Site Settings -> Phone Systems -> MiVoice Border Gateway' page:
- Paste or enter the verifier code into the request window
- Press the 'Retrieve Final Access Token' button to complete the token request with the MBG server.
If the verifier is correctly entered, the MCS should be able to successfully request an API token from the MBG. This token will allow the MCS to provision SIP Users on the MBG for a period of 12 months. To avoid having to repeat the above process every 12 months, the token's expiry date can be extended on the MBG by pressing the 'Renew' button against the token in the 'Final tokens' section of the web services page.
The internal IP address configured in the Nodes section of the MCS website must match the IP Address configured on the corresponding ICP on the MBG website. If they do not match, the MCS will not be able to find the correct ICP when deploying a teleworker phone.
Stage 5 - Configure each device for remote access
Automatic Teleworker Device Deployment
Once the Rest API has been configured, MCS will automatically provision teleworker SIP extensions on the MBG.
The MCS will provision any SIP extension that has had the 'Use remote authorization credentials' setting configured against it:
Provisioning a SIP Teleworker Extension
To instigate the MCS provisioning of a SIP extension on the MBG, navigate to the 'Configuration -> Site Settings -> Phone Systems -> [Your PBX Name]' page. Edit the required SIP extension and then check the 'Use remote authorization credentials' check box. The MCS will pre-populate the remote authorization name and password with random values. Pressing save will update the credentials stored for the extension and will start the teleworker provisioning process.
Un-Provisioning a SIP Teleworker Extension
To un-provision a SIP extension from the MBG, follow the provisioning process but uncheck the 'Use remote authorization credentials' check box. Once save is clicked it will instigate the MCS removing the SIP User from the MBG.
This will only work for SIP extensions that were previously provisioned by the MCS. If a SIP User was manually added to the MBG it may need to be manually removed. If a SIP extension has been provisioned on the MBG by the MCS, the MBG's ID for the SIP user will be displayed on the SIP Authorization form of the extension in MCS.
When using a MiVoice Border Gateway, the internal authorization name must match the extension number of the phone otherwise authentication with the telephone system will fail.
Any SIP extension provisioned using this method will automatically have a random remote authentication username and password assigned if they do not have them set already.
For information on how to provision SIP Users manually, please refer to the Manual Teleworker Provisioning section.
Each Teleworker connection on the MBG requires a Teleworker license.
In addition to configuring SIP Users for teleworker extensions, they must also be configured for any SIP Hot Desk extensions that will be logging into a teleworker phone.
Stage 6 - Manually add the Configuration Server address for each remote phone
Remote Phone Configuration for SIP Firmware
The following steps outline how to manually configure the Configuration Server connection details for each teleworker 69xx phone.
Each phone must be updated to SIP firmware before this configuration can be completed. It is recommended to upgrade from MiNET to SIP firmware on the local network and then manually configure the phone before sending it to the teleworker location.
- Add the configuration server details on the phone manually, press the settings button () on the handset, then press the 'Advanced' key along the bottom of the screen.
- At this point you will be prompted to enter the administrator password. The default SIP password is '22222'.
- Once the password has been accepted, use the navigation keys (D-pad) or touch screen on 6940 & 6970 to navigate to the 'Configuration Server' section.
- Populate the following entries:
Download Protocol: HTTPS
HTTPS Server: [Enter the external IP Address or external DNS name of the MCS server configured in Stage 1]
HTTPS Port: 8202
Cert Validation: false
- Press 'Save' and then reboot the handset.
After a reboot, the phone will connect to the MCS server and download firmware other configuration information.
It is possible that there will be more than one reboot at this stage as the firmware update is completed
The handset should now be registered with the MCS server.
The Phone will have Line 1 and Line 2 showing as the Top Sofkeys.
Unlike for local deployment as 'Setup' button will not be available and the SIP extension needs to be configured in the MCS server.
The 'Phones' page within the configuration section of the MCS website can be used to view whether the handset has been identified. The MCS uses the handsets MAC Address to uniquely identify it.