Plantronics + Polycom. Now together as Poly Logo

Polycom IP Phones Pprovisioning

Occasional Visitor

Polycom IP Phones Pprovisioning

I am sure that this is a popular topic I would appreciate any help or information

Recently hacking and fraud has become the norm, therefore we are rethinking if are current provisioning strategy is up to speed, we are responsible for approximately 4000 Polycom IP phones.....

We currently have a FTP server with all the provisioning files which includes the phones unique registration credentials.

Unfortunately to my knowledge there is no way of keeping the passwords encrypted on the FTP server so this is issue number one if someone is successful of hacking into our FTP server they got everything they need.

The files transferring from the FTP server to the phones while transferring if someone is able to hack into the network and capture the packets they could very easily extract the passwords.

Therefore I'm coming to you to ask which solutions are the most recommended and is there any providers selling just this part as a service helping provisioning or do you have any products from Polycom itself providing so doing mass provisioning and management.


Message 1 of 4
Polycom Employee & Community Manager

Re: Polycom IP Phones Pprovisioning

Hello YK,


welcome to the Polycom Community.


You could utilize HTTPS or FTPS Provisioning or encrypt the configuration Files.


You will need to contact Polycom Support as described in this documentation => here <=


Best Regards


Steffen Baier


Polycom Global Services

The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.


Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 4
Occasional Visitor

Re: Polycom IP Phones Pprovisioning

Thanks Steffen.


We are attempting what we thought would be simpler, having the phones connect to the provisioning server via FTP(S) to download their configuration files. We're not concerned about the phone encrypting its log or settings files when it sends them back to the provisioning server, we just want the phones to authenticate and download securely to prevent "man-in-the-middle" attacks.


Based on the list of Certificate Authorities (in this doc) trusted by SoundPoint phones we purchased a GeoTrust certificate and configured our FTP server (vsftpd) to use that cert and force SSL for login and data transfer. We confirmed this works with an FTP(S) client application (Transmit on Mac).


However when we configure a SoundPoint 331 to use FTP(S) it tells us it can't contact the boot server. Prior to forcing SSL we had vsftp running as a normal (no SSL) FTP server and verified that this phone could connect via FTP to the same server and download its config files.


Can you tell us what we're doing wrong? Thanks in advance for any wisdom you can pass our way.

Message 3 of 4
Occasional Visitor

Re: Polycom IP Phones Pprovisioning

Oops I think we figured out the problem. I was thinking "FTP(S)" meant explicit SSL on port 21. The Soundpoint refers to implicit SSL on port 990 as "FTP(S)" and the version of vsftpd we're running doesn't support implicit SSL. Going to try to upgrade to a newer version of vsftpd that does support implicit SSL and try again. Will post back if it works.

Message 4 of 4