Help / Customer FAQ
Sharing the agent self-serve firewall URL
How to give your agents a one-URL way to whitelist their own IP for the dialer, without you in the loop.
Each of your servers gets a branded self-serve URL agents can visit when their IP changes — usually after they reboot their router, switch networks, or work from a new location. The URL ends in a unique slug for your server, so different teams stay isolated.
Where to find the URL
Open /dashboard/servers/<your-server-id> → the Firewall card. The agent self-serve URL is shown at the top with a Copy and Share button next to it. Share that URL with your agents — by email, in your team chat, or pinned in your support docs.
What the agent sees
Visits
firewall.<our-domain>/<your-server-slug>Branded login page (your logo, your colors).
Enters their VICIdial username + password — the same ones they use to log into the agent screen.
If you've enabled MFA, also enters a 6-digit code from their authenticator app.
Sees ✓ Whitelisted, can close the tab. Their IP works on the dialer for the next 24 hours (or whatever you set in Firewall → Settings).
What if our platform is down?
Each of your servers also runs a local fallback portal at https://<your-server-fqdn>:446/firewall. If the main URL above is unreachable, your agents can use that one instead. Same login flow; rule lasts 1 hour instead of 24 (because the platform-side rate limits + audit log can't reach us during an outage). The full grant resumes as soon as connectivity recovers.
Common agent questions
"It says wrong password." — Their VICIdial password may have been reset. Check / re-issue from VICIdial admin.
"It says MFA needed but I'm not enrolled." — You enabled "Require TOTP" in your firewall settings but didn't enroll the agent yet. Either enroll them (Firewall → Agent MFA → Enroll) or turn the toggle off.
"It says rate-limited." — Too many failed attempts from their IP in the last hour (10/hour cap). Wait or have them switch networks.
"I got a green tick but VICIdial still says blocked." — Up to 60 seconds for the rule to apply on the box. If it's still failing after a minute, the rule is in our system but not on the box — open a support ticket.
Settings worth knowing
In /dashboard/servers/<id> → Firewall → Settings:
Whitelist duration: 24 / 48 / 72 hours, or 7 days. Longer = less friction; shorter = tighter security on stolen creds.
Require TOTP: forces agents to enter an authenticator code in addition to their password. Strongly recommended for agents working from outside the office.
Block countries: ISO 2-letter codes for countries to deny entirely. Use this if your agents are all in one region and you want to rule out attackers from elsewhere.
Tags: firewall, agents, self-serve