# Setting up your ProSBC or TMG

MaaS connects to your TelcoBridges units via RESTful API. Before you request a host, make sure each unit is reachable from MaaS and has a dedicated API account ready.

***

## Network Access

Allow inbound HTTPS (or HTTP) from the MaaS source IPs to your unit's API port. HTTPS is strongly recommended.

**MaaS source IPs:**

* 3.97.78.80
* 52.60.210.201

{% hint style="warning" %}
Allow **every** MaaS IP through your firewall on the API port. Traffic may originate from any of them.
{% endhint %}

**ProSBC integrated firewall** — ProSBC units can be assigned a public IP directly, eliminating port forwarding.

<figure><img src="/files/CNjNq8LUH98Pr8wOL9uG" alt=""><figcaption></figcaption></figure>

***

## IP Address Scheme

MaaS tracks **up to four IP addresses per host**, giving you visibility into both units of an HA pair and the floating address they share. All four are set on the [Requesting a Host](/maas-documentation/getting-started/requesting-a-host.md) form.

| IP               | Purpose                                                                                   |
| ---------------- | ----------------------------------------------------------------------------------------- |
| **Active IP**    | The address currently carrying traffic. For HA, this rotates automatically on switchover. |
| **Primary IP**   | The fixed management address of the primary unit. Never fails over.                       |
| **Secondary IP** | The fixed management address of the secondary unit (1+1 only). Never fails over.          |
| **Floating IP**  | The HA virtual address that moves with the Active unit (1+1 only).                        |

On a **standalone** unit, only the Active IP is used. On a **1+1 HA** unit, Floating and Primary are the critical pair — see below.

### Recommended Configuration (1+1 HA)

**Use the Floating IP as the Active IP, and also configure the Primary IP.** This is our recommended setup for every 1+1 deployment.

| Configuration                     | Recommended         | Why                                                                                                                                                                                                                                           |
| --------------------------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Floating + Primary**            | ✅ Best              | Floating gives uninterrupted monitoring through a switchover. Primary is required for accurate licensing checks and for firmware operations ([Upgrade Manager](/maas-documentation/maintenance/upgrade-manager.md) targets the Primary unit). |
| Floating only                     | Acceptable fallback | Works if your network can't route to the Primary directly, but firmware operations and per-unit visibility are limited.                                                                                                                       |
| Primary + Secondary (no floating) | Acceptable fallback | Use only if your network genuinely cannot support a floating IP. MaaS still monitors both units, but you lose the clean switchover signal the floating IP provides.                                                                           |

{% hint style="warning" %}
Always use a floating IP if your network supports it. The fallback configurations exist for environments that cannot provide one — they are not equivalent.
{% endhint %}

{% hint style="info" %}
Your firewall must allow MaaS to reach **every** IP you configure — including Primary and Secondary. MaaS talks to each unit directly for per-host metrics (CPU, RAM, disk, HA state), not just through the floating IP.
{% endhint %}
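One way to check an allowlist against the two requirements above (every MaaS source IP must reach every IP you configure on the API port) is sketched below. This is an added example, not part of MaaS or ProSBC. The `audit` function, the rule tuple format, the `8443` port, and the `203.0.113.x` host addresses are assumptions made for illustration. As an extra check it also flags rules that open the API port to anything other than a single MaaS address.

```python
import ipaddress
from itertools import product

MAAS_SOURCES = ["3.97.78.80", "52.60.210.201"]  # from this page
API_PORT = 8443  # placeholder: use the API port your unit actually listens on

# Constructed sample data (RFC 5737 documentation addresses), 1+1 HA host.
SAMPLE_HOSTS = {"floating": "203.0.113.10", "primary": "203.0.113.11",
                "secondary": "203.0.113.12"}
SAMPLE_RULES = [  # (source CIDR, destination CIDR, destination port)
    ("3.97.78.80/32", "203.0.113.10/32", 8443),
    ("52.60.210.201/32", "203.0.113.10/32", 8443),
    ("3.97.78.80/32", "203.0.113.11/32", 8443),
    ("0.0.0.0/0", "203.0.113.12/32", 8443),
]

def audit(rules, host_ips, api_port=API_PORT):
    """Return (missing, overbroad) for a list of allow rules.

    missing:   (MaaS IP, host IP name) pairs that no rule permits on api_port.
    overbroad: rules opening api_port on a host IP to anything other than
               a single MaaS address.
    """
    maas = [ipaddress.ip_address(s) for s in MAAS_SOURCES]
    hosts = {n: ipaddress.ip_address(ip) for n, ip in host_ips.items()}
    parsed = [(ipaddress.ip_network(s, strict=False),
               ipaddress.ip_network(d, strict=False), p) for s, d, p in rules]

    missing = [(str(src), name)
               for src, (name, dst) in product(maas, hosts.items())
               if not any(src in s and dst in d and p == api_port
                          for s, d, p in parsed)]

    overbroad = []
    for raw, (s, d, p) in zip(rules, parsed):
        opens_api = p == api_port and any(h in d for h in hosts.values())
        single_maas = s.num_addresses == 1 and s.network_address in maas
        if opens_api and not single_maas:
            overbroad.append(raw)
    return missing, overbroad

if __name__ == "__main__":
    missing, overbroad = audit(SAMPLE_RULES, SAMPLE_HOSTS)
    for src, name in missing:
        print(f"BLOCKED  {src} -> {name} ({SAMPLE_HOSTS[name]}):{API_PORT}")
    for rule in overbroad:
        print(f"TOO WIDE {rule}")
```

Export your firewall's allow rules into the same tuple form and run the audit before submitting the host request.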

***

## Floating IP (1+1 HA)

A floating IP is a virtual address that sits in front of your primary and secondary units. Whichever unit is Active answers on that address; on failover, the new Active unit takes it over. This is what keeps your SIP peers, RADIUS servers, and MaaS monitoring reachable without re-pointing.

**Supported interface types:**

### ProSBC HA

* **OAMP/NAT** (preferred) — Floats on catastrophic failure. Best for management and API access.
* **RTP/SIP** — Floats by default.
* **H248/RADIUS** — Floats by default.

{% hint style="warning" %}
If you use **RTP/SIP** or **H248/RADIUS** for MaaS monitoring, configure an ACL to allow MaaS source IPs. See [ACL Configuration](https://prosbcdocs.telcobridges.com/configuration-details/configuration-by-web-portal-category/system-settings/create-session-border-gateway-access-control-list-acl-filters).
{% endhint %}

### TMG HA

* **OAMP/NAT** (preferred).
* **H248/RADIUS** — Floats by default.

{% hint style="info" %}
TMG does not support RTP/SIP for management. Use OAMP/NAT or H248/RADIUS.
{% endhint %}

{% hint style="warning" %}
Do **not** point MaaS at a Fixed Management interface as your Active IP — fixed interfaces do not fail over, and monitoring will stall during a switchover. Use the floating IP as your Active IP, and set Primary/Secondary to the fixed addresses so MaaS can still reach each unit individually.
{% endhint %}

<figure><img src="/files/NsCAIV9E9YgDXa8Q1ajx" alt=""><figcaption><p>1+1 HA — floating IP sits in front of both units</p></figcaption></figure>

***

## API Account

Create a dedicated Web GUI user on the unit for MaaS to authenticate with.

Instructions: [Creating Web Users — ProSBC Documentation](https://prosbcdocs.telcobridges.com/configuration-details/configuration-by-web-portal-category/system-settings/creating-web-users)

### Permissions

A strictly read-only account is no longer sufficient. MaaS is evolving from pure monitoring into element management — firmware upgrades through [Upgrade Manager](/maas-documentation/maintenance/upgrade-manager.md) write to the device, license operations need write access, and upcoming LLM-assisted workflows will ask for additional capabilities depending on what you want to automate.

Use the **User Access Controls** on your unit to grant MaaS exactly the permissions you're comfortable with — no more, no less. You remain in control of what MaaS can and cannot do as its feature set grows. At minimum, MaaS needs read access to status, configuration, and statistics; enable write access selectively for the features you intend to use.

{% hint style="warning" %}
Do not reuse a human administrator account. Create a dedicated MaaS user so you can audit its actions and revoke it independently.
{% endhint %}

***

**Next:** Once your firewall, IPs, and API user are ready, go to [Requesting a Host](/maas-documentation/getting-started/requesting-a-host.md) to submit the unit for monitoring.


