hey guys how's it going thank you so much for joining another webinar and uh this is going to be our session to talk about the security settings on the yay star p service pbx uh which is going to be our yscs security specialist okay so it's so good to have you guys here and uh i think this is about the time so let's just jump in all right now this session is kind of like how we're uh it's actually our session one the part one okay so in today's session we will basically talk about some security settings on your p-series pbx something very fundamental and we're also going to talk about the security enhancement on every single one of our extensions and later on i will also talk about the firewall rule settings on the p server system as well okay now guess we can get started so let's jump in now first thing first i want you guys to take a look at the screenshot i have here oh this is going to be one of my p series pb axis which is deployed in the office so you guys can see it's p570 all right so the first thing i want to talk about here is uh whenever you got a new system there a brand new p service pbx let's see when you try to get started of your configuration you want to deploy the system in the local area network you want to you know basically it's like you just want to use it all right so for the first step what you're supposed to do there is as we know we get the default ip address of the system which is going to be [Music] 192.168.5.150 right so you can simply take your laptop take your computer anyway use the ethernet cable connect with the lan port on your p-series pbx and use that default ip address which i mentioned before so you will be able to jump into the system directly oh well by the way as you can see here currently i'm not using the default ip address i'm actually using this yay start fqtm which is a remote access service also known as the remote access service this is a more secure way for you to log into the system but anyway we will talk about the res later okay i think we're going to talk about this res in the next session but today let's just keep going all right so whatever you use there the res or the ip address anyway like i said for the first time pretty sure you're going to use the default ip address uh you're going to connect the lan port with your pbx absolutely then you will be able to see something called installation wizard i'm sorry you guys can see i don't have an installation wizard now you can actually see this login interface which is posted on my screen now right i can use the username and the password to jump in start my configuration but actually uh this is something i configured all right so for you guys actually once you get the new system for the first time there's uh installation wizard like i said so the point here is we don't give you guys any default username or default password that's just the point guys keep that in your mind so this time you get the p series system uh you don't have a default username or password so what you can do there is you can just use the default ip address to jump in and uh how do we get started this might be the question right if we don't have the username and the password uh just like you said you will see the installation wizard please just follow the installation wizard all right because for security reason this time we don't give you any default username or password we give you the installation wizard and you guys can simply follow the installation wizard step by step one of those steps which is so important is going to be the configuration of the username and password which means you're supposed to be the guy to set the username and the password for your system by yourself so keep this in your mind this one it really matters uh it basically means if you're the super administrator you're the you know supervisor it manager whatever uh the administrator administrator's user password could be anything it could be admin it could be yay start right as you like so you guys can see i've already set the username as admin and i also get a password that's something totally configured by myself so that's the first thing i want you guys to keep it in your mind which is so important all right don't forget to set the username and the password and later on pretty sure you guys will also need to set the email address for the super animus twitter so again don't forget to set the super animus twitter's email address because later on uh you might probably need to get some notification sent by the system right so you really need the email address being activated be configured on your system so that's another point so once again don't forget to follow the installation wizard set the username and the password and also your email address and by the way about this password my recommendation here guys uh my suggestion i mean the suggestion here for you guys is uh try to set a complex password all right with you know letters numbers lowercases uppercases anyway you just mix them together make it be a little bit complex this is good for your security that's it all right and then we can basically go click on lock m so we can jump into the system directly now this is the first thing i want to talk about about the security it's not a big deal but sometimes we just you know it's real easy for us to ignore this but that's why it really matters once again keep this in your mind so it's really important for this for the entire system security okay now once we're in the system the next thing i'm going to talk about here is let's just go check on system here all right go click on network okay so go check on network here and uh pretty sure in the previous session in our ysct training we've already talked about this right so i'm gonna skip this part the basic settings is not a big deal you can set your system under door mode uh single mode or bridge mode as you like right depends on you actually so i'm going to skip this part so what i'm going to talk about now is going to be this take a look the web server here's the thing now if you guys use the iep address to jump into the system all right you will see something special now apparently i'm not using the ip address now right i'm using the res remote access service with this jstor fqtn to jump into the system so you won't be able to see anything posted on your browser however if you use the default ip address to lock into the system now pretty much sure on your browser you will see there's alert which tells you uh you know the link you're going to access it's not secured blah blah blah something like that it's it's just like alert right the notification tells you this access is not secure why well the reason is pretty simple because take a look check on the web server here you guys can see our system has been enabled by default redirect from http port 80. that's the reason right so we use the http with the ip address redirected port 80 uh to https i'm sorry guys so actually this is like automatic redirection from http port 80 to https port 8088 that's it now because we're using https and uh we also ask you guys to enter the username the password you know something about the privacy right so that's just the reason that's why your browser will just show you this alert especially when you use google chrome right you're pretty sure you will see there's uh you know security alert which tells you uh be careful anyway uh but once again like you said we're just locked into a pbx right this is not a web server it's not an actual server you know deploying the public network it's just a hardware pbx deploying your local office i mean your local area network in your office that's it so you can definitely you know just go click on proceeded you know just skip that part go lock into the system directly so this is the second point i want you guys to be careful all right uh the protocol here once again is https uh the port is gonna be 8088 this is the default port for your https so next time for security reason if you don't want to use the default https port uh 8088 you want to use something else you can customize it here of course now of course you can also switch the protocol from https to http uh however we don't suggest you guys to do that uh our suggestion you just keep what it is https this is good for security absolutely okay and another one we have here is going to be log out time so give it a check here auto lockout time is going to be 15 minutes this is by default configuration so if you jump into the system you never do anything there after 50 minutes our system will just kick you out that's it so this is like a self defensive mechanism uh but it's customizable you can absolutely switch from 15 minutes to you know longer a little bit longer okay so this is going to be the web server uh another point i want to talk about here okay all right so let's just keep going all right let's keep going okay now next one i want to talk about here is going to be this let's get back to the uh i think we can get back to this static routes let's give it a check here another thing i want to talk about here is going to be static routes so static routes what is this well you can check on the name it's called static routes which basically means this is like a place for you to create a couple of rules to tell your system what is your routes right to handle data transmissions that's it that's it that's what it is so usually we don't use static routes mostly we don't use this however when we enable door mode on our p-servers pbx we might probably need to enable static routes here we might probably need to create a couple of routes there it depends on your local area network configuration it might be a little bit tricky but what you're supposed to do there is you're supposed to go check on your router your switch i mean your entire local area network figure out what is going on there with your data transmission in this local area network especially when you set your pbx under dual mode so let me explain why usually we don't use dual remote on our p servers pbx first of all you know because we can use single mode we can use bridge mode as we know mostly we're just going to use one interface to handle our data transmissions for both of our internet connection and our sip connection right so you have a sip trunk you have a sip service you have internet access anyway they can't use the same port all of our data transmissions uh they go through the same port lan port right it handles everything however in some areas in some countries things might be a little bit different for example as far as i know if you got an office in singapore or maybe saudi arabia just an example so according to the local regulation the way how you get the zip truck service the sip truck connection is quite special service providers or carriers they will give you another i mean they will just give you a very particular physical cable a physical line a physical ethernet cable which works for sip chunks specifically that's just the situation that's just the thing all right so if that's the way how we get the sip trunk well we got a problem now obviously if we are working under single mode or you know like a bridge mode we only have one interface and this interface can only hana can only handle you know data transmission either network service or the sip service so you need to make a choice now right but obviously it doesn't make sense what we're supposed to do is we want to make sure our our pbx our p server system is capable with both of our network connection i mean internet connection and the s service zip connection right so for that's the current sense uh we are actually going to enable door mode on our pbx on our p server system okay so here's the deal if you get back to the basic settings here you choose door mount now well you can see here we can set lan port or whatever you prefer there right for example like i got a particular static ip address for my lan port and i can set another particular static high p address for my wan port probably this is going to be the ip address provided by the service provider because for the sip trunk you know authorization they might probably give me a very particular public ip address so i do need to configure that ip address over here on my wamport however the thing here on our pc system is even we get a two different interfaces physically you have two ports but we cannot handle two different networks simultaneously on the p server system we can only handle one network connection now under the currencies uh which i was talking about now you know you have uh you have internet connection mostly you're going to use the ethernet cable connected with your network switch with your router for the internet connection and on the other hand on the other side you have another cable another particular line which provides you the you know the zip the sip service right so that means you have two different networks you cannot put all of them you know working simultaneously on our pbx that's why we need to set a couple of static routes here you know you just configure a few static routes here to tell your system hey here's the destination and uh i would like to handle data transmissions to that particular destination with this you know with this way to make it specific all right so you simply go click on add there set the destination here oh by the way don't forget to set the subnet mask obviously that's very important and then you guys can see here interface select your interface because you're working on a door mode now you have two interfaces uh both are working but you need to make it be more specific to tell system hey this particular data transmission it goes through my lan port and that one goes through my wind port that's like a traffic control right so this is just the static route all right uh well once again like i said you truly need it when you enabled your mode on your p service pbx and the reason it's just like you mentioned our system cannot working on two different networks simultaneously all right so you're supposed to set the static routes here um maybe one or maybe a couple of them to tell our system how to handle this now back to the basic settings here you guys can see so you can choose one of your interface work has the default interface then for the other one well absolutely you need to set the static route to tell the system to make it clear okay so this is about the static route all right now let's keep going okay so another one i want to talk about here is uh it's going to be this give it a check here another cool feature we can do here on the p server system i think this is uh not very popular but sometimes it helps a lot which is going to be vlan so virtual local area network this feature we also support it uh to be very honest that the virtual local area network is not configured on our pbx because this is just a pbx this is just a server which handles communication all right it's not the server to handle network connection in your local area network so in other words talking about the virtual local area network this is something supposed to be configured on your network switch your router anyway those devices not on our pbx uh well what we can do here is if you got a particular environment of vlan virtual local area network well the good thing here is you can back on our pbx enable vlan you can you know put our pbx in your local i'm sorry in your virtual local area network to make it as one of your vlan client that's totally supported all right so this is the deal all right now as for the vlan i think we can explain a little bit here what is the vlan oh well the full name just like i mentioned is called virtual local area network uh so it's virtual right so now we might probably got a question is hey for what kind of currencies are we gonna use a virtual local area network uh here's the deal for a small office i don't think you need a virtual local area network if you're you know like a couple of guys 10 people 20 guys in the office probably you don't need the vlan all right because i guess just a router with a couple of switches uh you can build your local area network fine all right and you don't need to worry about the traffic issue right because you only have a couple of guys in the office so the network speed the traffic is not a big deal right this is just a small office however if you're running a you know like a medium-sized business a medium-sized office let's see you got a 200 users 200 extensions of 200 agents in the same office in the same building they're going to work simultaneously they all work together right so they have lots of work to do on the network they're going to go access the public network internal local area network anyway so which means the point is so many data data transmissions guys the traffic will be crazy right so like uh if one of those guys trying to communicate with another guy well you know from his computer we're going to send some packets out a broadcast right it broadcasts it to other computers well this is going to be the local area network guys every single one of our endpoints are totally connected so that broadcast will be broadcast to everyone now what if you have like 10 people 20 people 30 people or maybe 50 guys are trying to send broadcasters simultaneously think about this your network will be totally you know crashed obviously uh it's gonna be on fire well not the actual file right so this is just a deal right so for that's the term since we really need a solution to handle this to figure this out that's what that's why we need a virtual local area net we a virtual local area network we just need to separate the local area network make it be more specific make it be more logical and the most important thing here is it can help us to improve the network speed it can help us to control the traffic that's just the deal and also one more thing you know because you can create a couple of vlans there and uh absolutely you can make a very simple um you know very fundamental level network be a little bit complex right that means you can improve the security as well so this is just another way for security enhancement but once again this security enhancement solution is not based on our pbx it's totally based on your local area network configuration mostly based on your router or your network switch so back on our p-series pbx is gonna be this we can't enable vlan so for the circumstances like i mentioned before if you have a situation if you got a you know particular situation scenario like i mentioned before you want to use the vlan uh go check here enable vlan on your p-series pbx and you will be able to put your pbx be a part of this vlan so what we're going to do here is we will simply need to enter the vlan id right over here plus the vlan priority so these are the thing we're supposed to configure on the pcr system uh if you want if we want to use the vlan okay all right so once again it's uh it's not a big deal uh especially based on the p server system we don't need to do anything special there but it's very important for us to enhance the security if you really need to use the vlan uh well just don't forget to configure it on your network switch okay so this is about vlan configuration all right now let's keep going okay so the next thing i think we are going to talk about here is going to be extensions let's back to the extensions here all right let's talk about some security enhancement on the extension okay so in the previous session by the way we've already talked about the basic settings for extensions right so you want to add a new extension you go click on it you can create a new extension that's not a big deal but i guess we still have something left on the extension settings which is going to be this part security so give it a check here security settings on extensions is very important especially have some remote extensions you want to register an extension on your pbx remotely and uh pretty sure you're supposed to go check this place have a look number one sip security so if you have a remote extension all right you truly have a remote extension now for example like we're under the hybrid working situation now if you have a iphone deployed in your house you want to use that iphone remotely that would be the remote extension right so if you try to remote uh if you try to register that extension on your pbx remotely step one don't forget to enable this allow remote registration all right this one is very important but for security reason if you don't have any remote extensions there please just disable this all right unless you have a remote extension otherwise you don't need to enable this okay the next one sip user agent identification you can absolutely enable this one as well so you probably get a little bit confused about this what is this drop your mouse on it you can see here's the explanation uh when registering zip films will send packets containing the user agent string if the prefix of the user agent does not match the value defined here the registration will fail this match is uh you know case insensitive so example if you fill an airline here only the phones whose user agent prefix is a-link can register this extension as we know for the phone registration we're going to send a couple of uh packets from the p from the film to the pbx for the registration so those packets are going to carry some important information now this one user agent prefix is one of them so if i enable this this is definitely like identification all right if i add a user agent here like the example mentioned a link so if i type in a link here the next time if you try to register some other ip files well you are not going to be able to register them on the pbx successfully because they are carrying a totally different user agent so that's not going to be accepted so this is just a way for enhancing the security uh especially when you have a remote extension okay then let's keep going another one another one will be sip registration ip i'm sorry zip registration ip restriction have a look uh so this one we can even make it a bit more specific for security enhancement uh ip restriction right so you can absolutely add a particular ip address here so that's so clear right that's so obvious next time if i try to register a particular film here and the ip address is supposed to be this one because i just add a very particular you know permitted ip address if the ip address i'm using there it's not this one well i'm not going to be able to register on this pbx right now okay so this is going to be the remote registration okay now let's keep going uh next part next part is going to be call restrictions have a look here for call restrictions usually we don't need to do anything here because our system got an automatic defensive mechanism uh which will be the call restrictions i'm gonna talk about it in the next session all right but here's the deal if you want to set a particular rules here to limit some you know particular extension that's fine you want to limit a very particular extension you can just go access this place now for example you can disable outbound costs so for example i get a particular extension i only want him to make internal costs like hey this is this is just for internal communication only not for externals then i can just enable this one disable outbound cost so this guy this extension will not gonna be able to make any you know outgoing costs all right another one disable outbound costs outside business hours oh well i can also enable this one as well this one is really i think this one is really user friendly sometimes you know out of business hours i want to control i want to limit all of our extension users hey guys this is uh you know time's out right so uh out of the business hours you guys are not supposed to be able to make any external costs then we can just enable this one and the last one you can see this disallow international cost so for security reason i guess let's talk about the threat i think the biggest threat for your security will always be the top route right because we're talking about the pbx so this is uh the central system for communication so the biggest the threat is always going to be the top route right and talking about the top fraud mostly those top fraud are going to be something happens on the international costs because crazy guys they really want to make free costs for international costs absolutely so you can absolutely enable this one disallow international costs then this particular extension user will not going to be able to make international costs absolutely so another way for security enhancement all right uh next one you can also see this album call frequency restriction so for this rule you can see this one default which is going to be the extension outbound call frequency that's just the one we have on the system by default uh just like you mentioned before the automatic defense mechanism and that thing is called outbound call frequency restriction which is going to be the topic we're going to talk it we're going to talk about it in the next session okay then here we have max outbound call duration you can set it over here or you can just simply follow the system so we're just going to use the system default settings okay another one it's gonna be this lbn route permission so for people who's gonna try to make an external cost we can also enable uh the outbound route permissions so you can also make your selection here and once you enable it then this particular extension will only be able to use some selected route for external costs okay so these are all for the security enhancement on the extension settings all right uh after that you guys just don't forget to go click on save all right same as you wrote whatever you configured on the system you want to make it work go click on save go click on apply all right now i'm going to skip this one okay so that was all about the extension settings now let's keep going okay so the next part i'm going to talk about here will be this let's talk about the uh you know the fire rules okay so talking about the fireworks configuration on the pcr system actually we have a couple of rules there not only the firewall rules so give it a check here number one it's called static defense static defense is also known as the firewall rules all right so just have a look first here's the thing guys if you got a new system when you jump in when you go click on security rules here and the first thing i'm pretty sure what you will see there is going to be the static defense here and you will see some default routes are existed already that's the thing i want to talk about here all right so those default rules you don't have to basically you don't have to change anything you know you don't have to change any of them we have so many default rules there for example uh here default private ip version 4 1 ip version 4 2. anyway we have a couple of routes here right so those rules are telling you that hey these are default rules and you can see the action it's accept and the protocol is going to be both now you probably get a question is what protocol are we using here so you can simply go click on add here see the protocol all right the protocol here we have udp we have tcp so if we select both means both udp or tcp they will be applied for this and the action actually we have a accept we have dropped we have reject so if you choose to accept then for any kind of you know access uh log in request anyway we're just gonna we're just gonna accept it and if we choose drop well we're not gonna do anything right so if you send any packets in oh we're not gonna handle this packet we're not gonna give you any feedback we're not gonna send you anything like arrow or any feedback that's it we're just going to ignore it now if we choose to reject oh that's so clear if we choose reject we're going to send you the arrow feedback to tell you hey your request is totally rejected uh we're not going to let you in so this is uh the basic configuration of the firewall rules the static defense rules all right now back over here like i said we have a couple of default rules so you can simply take a look those default rules are quite simple uh take a look the default one right the default private this is definitely going to be the default route to tell you hey this is going to be the local area network the private access of the local area network access so for the local access oh we don't want to create any trouble for our customers so we just create four rules there to tell the system those are local access uh usually we can just accept all of them that's it so this is the first thing i want to talk about for any kind of local access as we know unless you you're you're gonna do something bad in purples otherwise for any kind of locals access that will be fine right it's just local access nothing special it's okay right it's under our control so we don't want any limit there we don't want any trouble there so we have a couple of routes there uh you know pre-configured by the system so this is the first thing and the second thing i want to talk about here is you can also see some other default rules are existed here on the system as well which are something like this update.yeaster.com rmtunnel.yayster.com anyway so those things are like remote management like remote access anyway so those things are basically some rules created by our system it's pre-configured and those things if you take a look you will you i mean it's going to be really easy for you to figure out those rules are basically to tell the system that hey for this kind of access to yankstar servers um we're supposed to be able to access it directly all right we're supposed to be able to receive any feedback any packets any data transmissions from those servers directly without any trouble because those servers are so important for the pcr system for example like remote access service you know remote access service is based on our remote access server right so without the server you're not going to be able to have this encrypted tunnel for your remote access so we don't want to have any problem there right we don't want to have any trouble there or like maybe like smtp server now you know yay store provide you guys jstor just provides you guys a yay starter smtp server all right it's all pre-configured so if you want to use the yay star smtp server i'm pretty sure you don't want to have any trouble there right so to make sure there's no problem happens in the future then we just create all these you know pre-configured rules on the system by default we just help our customers to figure this out you don't need to worry about anything there unless you just don't want to use it all right so you guys can see for the local access it's not going to be able for you to change anything there because they are just for local access all right you can't change it but for the server access like his ad if you truly don't want to use it you don't want to access in the server that's fine you can go click on add it here you can change it this is fine all right so this is the second type of the uh default rule okay and the third type of devil rule you will see here on your system is going to be something like this it's called auto provisioning device so what is the auto provisioning device that's nothing special to be very honest guys when you try to use your p-service pbx in the local area network i'm pretty sure you guys are gonna use a bunch of ipvans right so for those ip fans registration pretty sure you're going to use the auto provisioning for the phone registration right so here's the deal if you use the auto provisioning to figure out the phone registration then i guess you don't want to have any trouble in the future for the phone registration for the phone connections right so once you use the auto provisioning for the firm registration then we just create this particular rule on the system automatically for helping you to to to you know uh make it clear make everything clear so you won't be able to have any trouble on it especially for the phone registration now because as we know sometimes for the phone registration if we got a let's see if i got a one of my iphone being blocked by accident all right then you know the consequence the consequences you will never ever be able to register this film on your pbx successfully right so we just don't want to have that kind of awkward situation happens well we just help you to create those you know rules automatically so you won't be able to have any kind of trouble like that okay now after that what next all right you probably want to know what next the next thing you're supposed to do here is quite simple you can just go click on add here add a couple of routes as you wish now for example the default rooms give you guys the all permission for the local access right however for the local access if you want to make it be more specific like i just want to limit a very particular extension or a very particular user let's see a particular ip address i just don't want him to access the system to register a fail anyway i want to make it be more specific but that's just a special thing all right just one of them so the next step is we're just going to go click on add create a new rule here damn name it step one just name it all right because you might probably have thousands of rules on your system you want to make it clear name it this is step one if this is not that clear you can also drop something in the description make things be more clear all right then the action just like i said you have three options here you can choose accept you can choose drop you can choose reject uh make your selection here right once again like i explained before if you choose accept we're just going to create this particular rule for accepting all kinds of you know requests well if we choose drop we're not going to do anything we're just saying we're just going to ignore it however if we choose reject well this rule will be really clear this rule is just the rule for the limit all right i'm not gonna accept any packets data transmission request from your site because the route tells me i'm supposed to reject it okay then next part defense object so make sure make your selection here right you can set a particular rule to to you know limit this particular ip address or a particular domain name or even a mac address and as for the protocol make your selection here all right so for example like if i want to create a rule for phone registration then i might probably choose udp because you're going to use zip udp right then i can select an ip address here or i can use a mac address here so you won't be able to use udp to register your phone on mypbx this is just one example but obviously for this part of configuration it's really flexible once you figure out how does it work once you know exactly how we make use of those items well you know this is going to be really easy okay so this is going to be static defense all right now another thing we have here is going to be all the defense let's talk about this the other defense here it's much easier i guess odd advanced rule i'm pretty sure you can see this on every kind of uh network devices all right whatever the network device you have they're pretty sure you will have the audit advance so this is like automatic defense mechanism all right so we have a couple brews there for example like for ssh for udp for tcp anyway uh we just tell you this is a default port if you never change it on the system then that's going to be the default port for example on this pbx the ssh port is going to be 80 22 that's the default and for udp 5060. default right and the protocol is going to be tcp udp anyway that's all the prodigal uh you know limits there then we have rate so the first one take an example take this one as an example you can see here the rate is going to be 10 by 60 seconds the meaning is quite simple during 60 seconds maximum maximumly you will be able to send 10 packets all right through the ssh port 80 22 by tcp protocol that's it well if you want to change this you want to customize this of course just go ahead you can choose the service type here all right it could be the service it could be the port range depends on you all right then you can set the particular you know number of packets which is going to be the rate time interval 60 seconds this is the default one so this is fully under your control right now what i'm doing now is this is just going to be service a very particular one ssh or lincus or rtp make it be more specific as you wish all right or maybe this is just going to be the port range that's also fine so i would like to create a particular port range so whatever the access request is i don't care about it if you try to access me through you know that particular port range i'm just going to limit you with this particular rule so maximumly you're going to be able to send me 10 packets during 60 minutes that's it well this one it really helps a lot for some some sort of you know protection all right because oh hackers let's talk about this crazy guys usually when they try to attack your system when they try to do something crazy on your system they want to break your they want to crash your uh protection anyway so the most common way for them to do is they just keep sending you packets all right keep sending you lots of you know tons of packets numerous packets to the same port right then eventually you just cannot be able to handle so many information you know so many data you can't be able to handle that then boom your protection is crashed that's just a very common way for you know crazy guys tries to break your protection your security now here's the deal we just don't give them we just never give them any chance there so we create a couple of rules there and i don't really care about how many packets you're gonna send there all right because you can see the rate here if you try to send me more packets like over 10 packets during 60 minutes i'm sorry i'm sorry i'm not going to do anything there i will just drop you to the block list directly so goodbye you're totally blocked all right which is going to be this one blocked an eyepiece so you guys can see this oh for example this is a good example the web login so if someone tries to log into my system through the web for example like the web access all right then he or she just tries to log into my uh you know through the https port 888 you guys can see this oh then we're just going to drop him or her in the blocked ip list so you can see this is going to be the source ip address so this is the target the target destination 41.248.136.135 and expiration date is going to be this that's the expiration date so you can see the expiration date is going to be december 30 um 2099 time will be 23 59 59 i guess that's just going to be the permanent blocked absolutely but of course sometimes maybe this is just a mistake all right sometimes you know this is just like a mistake oh somebody did a mistake right maybe this is just one of my colleagues well what now now you can just delete this particular record when you delete this record that particular guy he will just be able to log into the system again that's it all right so this is going to be blocked an ip address this one i guess really happens for some securities for example i'll give you guys an example sometimes you know we have a couple of extensions let's see we have a couple of extensions we tried to we just try to register them on our pbx but it won't work all right then we just keep trying keep trying keep training which means we're gonna keep sending packets on the system over again and again then eventually we just get our iep files being blocked then what then you can definitely check over here i'm pretty sure your iphone's ip address is going to be posted in this list that's just the final result that's just the consequence all right so but it's not that popular sometimes it might happen it might happen once again like you said if you use the auto provisioning you don't need to worry about this because if you use the auto provisioning our system just automatically add your iphone's mac address on the pbx by creating a particular static defense rule and the action is going to be accept totally all right so this is going to be blocked in ips okay all right so i guess that was all we have for this session all right so uh you guys just keep uh stay tuned all right we have another session we will finish something else something left on our system okay so catch you guys in the next one