Another thing you can do for increased security is use domain names and don't register phones to IP addresses as the authentication realm.

Reason for this is when anyone attempts to register to the IP address we know they are not a customer. We have a fail2ban rule that can be enabled

Edit file /etc/fail2ban/jail.conf find enabled = false and set it to true the two sections that should be enabled are:

[freeswitch-ip-tcp]
[freeswitch-ip-udp]

service fail2ban restart

It pains me a bit to have these disabled but currently they are disabled as we need to inform the user to use domain names instead of IP addresses if they want tighter security. When we can educate users enough we may default these to enabled.

My name in Mark J. Crane I'm the creator and lead developer of FusionPBX. Some of the code for FusionPBX was written before I found FreeSWITCH in early alpha before its 1.0 release. Which would make FusionPBX a little more than 10 years. I started the project on pfSense as the FreeSWITCH package and later moved it out to get a larger audience and a real database server.

FusionPBX install is now very easy on Debian 8 (preferred by FreeSWITCH developers). We also have a FreeBSD, CentOS, and Devuan install scripts. The install script ask no questions it just does the install and tells you a random password to login at the end. You can edit a resources/config.sh file that has all the defaults set in it if you want to preset usernames and passwords or change other defaults.

SLA - shared line appearance does work with FreeSWITCH and FusionPBX works great with Yealink and SPA phones.

In FusionPBX we also saw ghost calls which were fixed by changing the phones configuration to not accept un-authenticated calls.

The mention on security mod_xml_rpc is not even installed by default as we don't use it for anything. Also the install script adds a firewall but doesn't enable port 8787 this would be better to be accessed across a VPN for better security.