Multiple IP WAN Fusion Hub

I do understand that the fusion hub does not allow for multiple IP on the wan interface. So I am trying to understand the best way to set up the following.

We have a Balance 20x at the customer sites and we want to connect all of them with speedfusion. We have a fusion hub with phone servers behind the hub and we need to give each customer their own IP address to get to their own server. How is that done on a fusion hub if at all?

At the moment the only option is a FusionHub per customer/server as far as I could think. Or use a Balance in the datacentre which would give you a more full feature set and let you do what you want.

Hi Jeff1

I would advise you to review this information that I share about VRF in FH, I think it can be useful for you.

How to Create Virtual Routing & Forwarding (VRF) for Multiple Customer Groups in a FusionHub

I wish that would work but I left out an important tid bit… Our goal is have multiple 3cx servers behind the fusion hub and this all works as long as the customer stays in the enviroment. However when they leave the office the in order to use the mobile apps you need to be able to access by and extenal IP. We do not want to have to deal with vpn connects on devices so we need to be able to go to individual IP addresses. There are ports per server that are the same as well so that has to be dealt with as well.

Thought or am I missing something?

I used to do exactly the same with 3CX for my customers. Still am just for my own business now.

Assign a LAN with a private IP to each PBX as well as a WAN with the public IP on it. Make the LAN reachable over SpeedFusion using a LAN port on the Fusionhub. Stick some firewall rules in place if you really need to isolate the PBX LAN IPs.

So for the 3cx server you do not have any firewall or port control on the external IP address? This is the way I was setting it up and since there was nothing between the pbx and the internet I was a bit concerned.

Yes I do. The hosting provider has an in built firewall. I block all the ports I don’t need and lock down the ones I do to the IPs of my SIP trunk providers (apart from the 5090 tunnel port which is open to any source IP in the UK so home users and mobile devices work).

Okay great! In this case they do not provide that but I could put one in place and manage it or move to somewhere that has this function. May I ask who you are using?

And thanks so much for the help!

Vultr and Upcloud primarily now. I used to use some other vmware hosting providers before I realised how much I could save by using commodity providers.

If you do - have a play with Opnsense I like it a lot for perimeter work like this.

That is the one I was looking at.


1 Like