Setting up your ProSBC or TMG
MaaS connects to your TelcoBridges units via RESTful API. Before you request a host, make sure each unit is reachable from MaaS and has a dedicated API account ready.
Network Access
Allow inbound HTTPS (or HTTP) from the MaaS source IPs to your unit's API port. HTTPS is strongly recommended.
MaaS source IPs:
3.97.78.80
52.60.210.201
Allow every MaaS IP through your firewall on the API port. Traffic may originate from any of them.
ProSBC integrated firewall — ProSBC units can be assigned a public IP directly, eliminating port forwarding.
IP Address Scheme
MaaS tracks up to four IP addresses per host, giving you visibility into both units of an HA pair and the floating address they share. All four are set on the Requesting a Host form.
Active IP
The address currently carrying traffic. For HA, this rotates automatically on switchover.
Primary IP
The fixed management address of the primary unit. Never fails over.
Secondary IP
The fixed management address of the secondary unit (1+1 only). Never fails over.
Floating IP
The HA virtual address that moves with the Active unit (1+1 only).
On a standalone unit, only the Active IP is used. On a 1+1 HA unit, Floating and Primary are the critical pair — see below.
Recommended Configuration (1+1 HA)
Use the Floating IP as the Active IP, and also configure the Primary IP. This is our recommended setup for every 1+1 deployment.
Floating + Primary
✅ Best
Floating gives uninterrupted monitoring through a switchover. Primary is required for accurate licensing checks and for firmware operations (Upgrade Manager targets the Primary unit).
Floating only
Acceptable fallback
Works if your network can't route to the Primary directly, but firmware operations and per-unit visibility are limited.
Primary + Secondary (no floating)
Acceptable fallback
Use only if your network genuinely cannot support a floating IP. MaaS still monitors both units, but you lose the clean switchover signal the floating IP provides.
Always use a floating IP if your network supports it. The fallback configurations exist for environments that cannot provide one — they are not equivalent.
Your firewall must allow MaaS to reach every IP you configure — including Primary and Secondary. MaaS talks to each unit directly for per-host metrics (CPU, RAM, disk, HA state), not just through the floating IP.
Floating IP (1+1 HA)
A floating IP is a virtual address that sits in front of your primary and secondary units. Whichever unit is Active answers on that address; on failover, the new Active unit takes it over. This is what keeps your SIP peers, RADIUS servers, and MaaS monitoring reachable without re-pointing.
Supported interface types:
ProSBC HA
OAMP/NAT (preferred) — Floats on catastrophic failure. Best for management and API access.
RTP/SIP — Floats by default.
H248/RADIUS — Floats by default.
If you use RTP/SIP or H248/RADIUS for MaaS monitoring, configure an ACL to allow MaaS source IPs. See ACL Configuration.
TMG HA
OAMP/NAT (preferred).
H248/RADIUS — Floats by default.
TMG does not support RTP/SIP for management. Use OAMP/NAT or H248/RADIUS.
Do not point MaaS at a Fixed Management interface as your Active IP — fixed interfaces do not fail over, and monitoring will stall during a switchover. Use the floating IP as your Active IP, and set Primary/Secondary to the fixed addresses so MaaS can still reach each unit individually.
API Account
Create a dedicated Web GUI user on the unit for MaaS to authenticate with.
Instructions: Creating Web Users — ProSBC Documentation
Permissions
A strictly read-only account is no longer sufficient. MaaS is evolving from pure monitoring into element management — firmware upgrades through Upgrade Manager write to the device, license operations need write access, and upcoming LLM-assisted workflows will ask for additional capabilities depending on what you want to automate.
Use the User Access Controls on your unit to grant MaaS exactly the permissions you're comfortable with — no more, no less. You remain in control of what MaaS can and cannot do as its feature set grows. At minimum, MaaS needs read access to status, configuration, and statistics; enable write access selectively for the features you intend to use.
Do not reuse a human administrator account. Create a dedicated MaaS user so you can audit its actions and revoke it independently.
Next: Once your firewall, IPs, and API user are ready, go to Requesting a Host to submit the unit for monitoring.
Last updated
Was this helpful?