modem <-> ooma <-> router
why this config: ooma qos, router may not have this.
i tend to have visitors whom i give my wifi password. i would like to prevent them from configuring my ooma device, not that they would, or would even know how, it is just peace of mind having my network elements secure.
i currently can not password protect the ooma device.
If not comfy, just put Ooma after the router and do not forward port 80 to 172.27.35.1. This way, you can't get into setup.ooma.com unless you have a physical ethernet connection to the "Home Internet" port.
If you have to put Ooma ahead of the router, get a router with "Guest Network." Of course, if you do that, then router likely has QoS so might as well connect Ooma to the router right?
Since neither my router nor my ooma device supports NAT loopback, any attempt from inside my LAN to browse my local server ends up on the internal port of my ooma device unless I have configured that user's computer. As I noted before, this port has no security.
If I "Allow access to web interface from INTERNET port" will this port be password protected? If not, moving the device behind my router would not completely solve my security issues. The ooma device is in a data closet and the internet port would be my only route for admin without physically connecting to the local port.
Looking through the history of forum, this security issue has been documented for years. My ooma device supports a phone in an elevator. It would be a shame if someone got access to my ooma device who didn't know what they were doing and disabled this service that is required by law.
> If you have Ooma ahead of the router, what's the chances of someone messing with http://setup.ooma.com or
> If not comfy, just put Ooma after the router and do not forward port 80 to 172.27.35.1. This way, you can't get into
> setup.ooma.com unless you have a physical ethernet connection to the "Home Internet" port.
> If you have to put Ooma ahead of the router, get a router with "Guest Network." Of course, if you do that, then router
> likely has QoS so might as well connect Ooma to the router right?
Connect to device via "home internet" port and then disable QoS (set up/down all to 0). Set to use built in MAC.
Then forget about the device. It would work and no further admin needed.
I would like to know if lbmoto is a representative of Ooma or not.
If not, I am thankful to lbmoto for the advice on how to best deal with the situation we are stuck with.
However, I would appreciate it if I could get an official response from Ooma on the issue.
It would be sufficient for a statement along the lines of:
It [is | is not] in Ooma's plans for the near future to add password protection to the Ooma device.