Administration — How-To Guides

Step-by-step instructions for user management, system configuration, backups, and security. Administration has six tabs: Users Management, Users Rights, Virtual Office, All users recent calls, DNS filtering, System.

Log in for the first time and change the default password

Goal: Log into the Abilis web interface for the first time after installation and immediately change the default password so only you can access the system. the default admin account.

1. Connect your computer to the Abilis LAN port with an Ethernet cable.
2. Open a browser and go to http://192.168.1.1 (the factory default address).
3. Log in with:
   • Username: admin
   • Password: PWDS followed by the serial number printed on the unit (e.g. PWDS1919010).
4. Immediately change the password:
   • Go to Administration > Users Management.
   • Click on the admin user.
   • On the Basic Parameters tab, change the password.
   • Click Save.

Create a new user account

Goal: Create a new user account so that an employee can log into the Abilis web interface, use a phone extension, or access specific features based on their role.

1. Go to Administration > Users Management.
2. Click Add user.

3. Fill in:
   • Username: the login name (e.g. maria.rossi). No spaces allowed.
   • Name: the person's full name (e.g. "Maria Rossi").
   • Group: optional — assign to a user group.
   • Password: choose a strong password.
   • Level: the access level. Choose from:
     • No — account disabled.
     • User — basic access (phone, address book only).
     • Advanced — can change own settings and view more data.
     • Manager — can manage some users and settings.
     • Admin — full access to all settings and user management.
   • Home Page: which page loads after login.
   • 2-factor authentication: enable for extra security (No by default).
4. Click Save.

Assign privileges to a user

Goal: Control what each user can see and do in the Abilis web interface — for example, giving the receptionist access to Phone and OPC Panel but not to Networking or Administration. Even an Admin-level user sees nothing until you enable specific sections.

1. Go to Administration > Users Management.
2. Click on a user to open their settings.
3. Click the Privileges tab.
4. Six sub-tabs appear — one for each section:
   • Network — access to Networking. Also controls: FTP Enabled checkbox, FTP home directory.
   • Phone — access to Phone (SIP extension, call management).
   • Automation — access to Automation (control panels, loops, monitoring).
   • Videorecorder — access to video feeds and recordings.
   • Automotive — access to fleet management.
   • Tools — access to audio messages, SMS, DISA, disk, CPU.
5. On each sub-tab, tick the "Access to…" checkbox to enable that section. Additional options may appear below (e.g. FTP settings for Network).
6. Click Save.

Grant a user access to only specific directories (Users Rights)

Goal: You want one user to be able to download call recordings via FTP — but nothing else on the Abilis filesystem. Or: you want an integrator to read the configuration export folder but not touch anything else. Privileges (in Users Management) grant access to sections; Users Rights grants access to paths and directories within a protocol, which is much finer-grained.

1. First make sure the user exists and has the relevant protocol enabled. For an FTP-only user, follow Create a new user account and at Assign privileges enable FTP only.
2. Go to Administration > Users Rights.
3. You see a table of rules that bind a user (or group) to a protocol and a path, with specific permissions. Click New +.
4. Configure the rule:
   • User / Group: the username (or a group name).
   • Protocol: FTP (or HTTP / LDAP depending on what you're restricting).
   • Path: the directory or file this rule applies to — e.g. /recordings/ for call recordings, or /config/ for configuration exports. Use the filesystem paths as the Abilis sees them.
   • Rights: tick only what the user needs — typically read is enough for retrieval; write only if they must upload; list to let them see directory contents.
5. Click Save.
6. Test — log in to the Abilis as that user over FTP. They should be able to navigate into /recordings/ and download files; attempts to go elsewhere should be denied.

Activate HTTPS for secure web access

Goal: Enable encrypted access to the Abilis web interface so that login credentials and all data are protected from eavesdropping on the network. passwords and data aren't sent in plain text.

1. Go to Networking > Settings > HTTP.
2. Tick Advanced to see all options.
3. Make sure Enabled is ticked.
4. Under HTTPS interface:
   • HTTPS port: 443 (default).
   • Maximum number of simultaneous HTTPS clients: 10 (default).
   • Hosts authorised to use HTTPS (IPSRC-S): 127.000.000.001 means localhost only. Change to 000.000.000.000 or a specific range to allow remote access.
   • List of hosts authorized (IPSRCLIST-S): select a list (e.g. PrivateIpAdd) to restrict access to known IPs.
5. Click Apply Changes.
6. Access the Abilis at https://192.168.1.1. Your browser may show a certificate warning (because the default certificate is self-signed) — this is normal. Click "Advanced" and "Proceed" to continue.

Redirect HTTP to HTTPS (force secure access)

Goal: You've activated HTTPS (see Activate HTTPS above), but some users still type http://192.168.1.1 out of habit and land on the unencrypted page. You want the Abilis to automatically redirect them to the secure https:// version, so all connections are encrypted — no matter what the user types.

1. Go to Networking → Settings → HTTP.
2. Under HTTP interface, find the checkbox labelled "Redirect HTTP requests to HTTPS" and tick it.
3. Click Apply Changes.
4. Test it. Open a new browser tab and type http://192.168.1.1 (or whatever your Abilis address is, without the "s"). The browser should automatically jump to https://192.168.1.1.

Activate SSH for remote administration and file transfer

Goal: You want to be able to reach the Abilis from outside the local network, or you need a secure way to transfer files to it (typically to upload firmware packages to the /pkg/ folder, or to pull a configuration backup). SSH gives you both — an encrypted command-line session and SFTP file transfer on the same port.

Who this is for: administrators who occasionally need CLI access for troubleshooting, or who upload firmware packages as part of the upgrade procedure. Regular users do not need SSH.

1. Go to Networking > Settings > Ports.
2. Look for a resource named SSH in the list. If it is present and green, SSH is already active — you can skip to step 5 to confirm.
3. If SSH is not present, click New + and add a resource of type SSH.
4. On the SSH resource, make sure Active is ticked. Leave the default port (22) unless you have a specific reason to change it. Click Save.
5. Save the configuration and restart the Abilis — see Restart the Abilis. SSH only becomes available after the restart.
6. Test from another computer. Open a terminal and connect: ssh super@<abilis-ip>. You should be prompted for the password.

Configure the email sender (SMTP) for alerts and notifications

Goal: Several Abilis features send email — the Alert Manager channel of type E-mail, voicemail-to-email notifications, some Control Loops. For any of those to reach an inbox, the Abilis needs valid SMTP sender settings: what address emails come from, and which outgoing mail server to relay through.

1. Obtain the SMTP credentials from the operator of your outgoing mail server:
   • SMTP server host (e.g. smtp.gmail.com, smtp.office365.com, your ISP's relay, or an internal mail server).
   • Port — typically 587 (STARTTLS) or 465 (TLS). 25 is rarely accepted now.
   • Authentication: usually a username (often the same as the sender address) and a password. Gmail and Office 365 require an app password, not the main account password.
   • Sender address — the From that recipients see.
2. Go to Administration > System > General parameters.
3. Find the mail-related fields (the label is usually Default e-mail sender or similar).
4. Fill in:
   • Sender address — e.g. abilis@yourcompany.com. If you leave this as AUTO, the Abilis builds one from its hostname (abilis@abilis_cpx_), which most mail servers will reject as unroutable.
   • SMTP server / port / username / password — the values from step 1.
   • Security — choose TLS or STARTTLS to match the server.
5. Click Save.
6. Test — attach an email alert channel (see Set up Alert Manager channels) to a harmless trigger, and fire it. Check that the email arrives, isn't in spam, and the From looks right.

Back up and restore the configuration

Goal: You want to save a copy of all your Abilis settings — so that if something goes wrong (a bad configuration change, a hardware failure, a firmware upgrade that breaks something), you can get back to a known working state without reconfiguring everything from scratch.

Saving your configuration:

1. Go to Administration → System → Config management.
2. Check the status. You'll see one of two states:

   Status	What it means
   Saved (button shows "Already saved")	All your current settings are written to disk. You're safe.
   Unsaved	You've made changes that exist only in memory. If the Abilis restarts now, those changes will be lost.

3. If Unsaved, click the save button. Wait for the status to change to "Saved".

When to save: Save your configuration every time you make a change you want to keep. Get into the habit of checking this page after any settings change — it takes 5 seconds and can save you hours of reconfiguration.

Regain access when locked out of the admin web interface

Goal: The admin password was forgotten or was changed and not recorded, and nobody can log in to the web interface to fix anything else. You need to get back in without reinstalling or losing the configuration.

Before trying anything drastic, try the factory default login. It is sometimes still accepted even after the password has been changed, depending on the settings that were applied:

1. Open the browser and go to the Abilis address.
2. Try Username: admin and Password: PWDS followed by the unit's serial number — e.g. PWDS1919010 — as documented in Log in for the first time. The serial number is on the label on the Abilis unit.
3. If that works, immediately set a new password for the admin user and store it in a password manager this time.

If the PWDS default does not work, the system has been configured to reject it. The recovery path depends on what access you still have:

1. If another admin-level user still exists and is accessible — log in as that user and reset the locked-out account via Change or reset another user's password. This is the easiest case.
2. If you have physical access to the unit — connect directly via the console port (or an SSH session if SSH was left enabled) with the SUPERUSER account, and use that to reset the admin password. The SUPERUSER account is protected by a different credential set from the web-admin accounts.
3. If none of the above applies — you are locked out. Contact Anteklab support with the unit's serial number. They can provide a recovery procedure specific to the firmware version running on your unit. Do not perform a factory reset unless instructed — it will also erase your entire configuration, not just the password.

Upgrade the firmware via the web interface

Goal: Update the Abilis software to a newer version — to get bug fixes, security patches, or new features.

1. Go to Administration > System > Boot Management.
2. The page shows: Previous version, Current version, Next version.
3. Below, Select next boot version lists all installed firmware versions.
4. To upload a new firmware: click Update and follow the prompts.
5. To switch to a different installed version: select it in the list, click Set as Next, then click Reboot.
6. To remove an old version: select it and click Uninstall.

Restart the Abilis from the web interface

Goal: You need to restart the Abilis — for example, after a firmware upgrade, after changing a setting that requires a reboot, or because something is behaving unexpectedly and a restart may fix it (the networking equivalent of "turn it off and on again").

1. Save your configuration first. Go to Administration → System → Config management. If the status shows "Unsaved", click the save button. If it shows "Already saved", you're good. This is critical — unsaved changes are lost when the Abilis restarts.
2. Go to Administration → System → Boot Management.
3. Click Reboot. The Abilis will begin shutting down and restarting.
4. Wait 1–2 minutes. During this time, all internet connections, phone calls, and VPN tunnels will be interrupted. The web interface will be unreachable.
5. Refresh the page. After 1–2 minutes, refresh your browser. When the login page appears, the Abilis is back online.

View system information

Goal: Check basic information about your Abilis: which firmware version is running, how long it has been on since the last restart, the serial number, and overall system status.

1. The home page (after login) shows: device name, Serial Number, Firmware version.
2. For system-wide settings, go to Administration > System > General parameters.
3. Here you can configure:
   • Default e-mail sender: the address alerts are sent from (e.g. AUTO uses abilis@abilis_cpx_).
   • Default e-mail recipient: where alerts are delivered.
   • Default e-mail recipients list: a list (from Tools > Lists) of multiple recipients.
   • Default e-mail body format: STANDARD or HTML.
   • Default outgoing called/calling number for SMS and Calls: the numbers used for alarm notifications.
4. Click Save.

Change the Abilis device name (hostname)

Goal: By default every Abilis reports itself as ABILIS_CPX — which becomes confusing the moment you manage more than one unit. Giving each Abilis a meaningful name (HQ-Milan, Warehouse-1, Villa-Gate) makes logs, alerts, and support tickets much easier to attribute to the right site.

Where the name shows up: the browser title, the SSH login prompt, the SYSLOG messages sent to a remote server, and the From field of email alerts.

1. Go to Administration > System > General parameters.



2. Find the Device name (or Hostname) field.
3. Enter a new name. Rules:
   • Letters, digits, hyphens and underscores only — no spaces or special characters.
   • Keep it under about 30 characters so it displays cleanly in logs.
   • Make it unique across your estate so every log line can be traced to one unit.
4. Click Save. The change takes effect immediately for new log entries and sessions; existing browser tabs may need a refresh.

View the boot log

Goal: Something isn't working after a restart — phones aren't registering, internet isn't connecting, or a feature that was working before is now missing. The boot log tells you exactly what happened when the Abilis started up: which services loaded successfully, which ones failed, and why.

1. Go to Administration → System. Click the Administration icon, then System.
2. Look for the boot or startup log section. This shows a chronological list of everything that happened during the last boot: services starting, resources being loaded, and any errors.
3. Scan for problems. Look for lines containing FAILED, ERROR, or WARNING. These tell you what went wrong.
4. Common issues and what to do:

   What you see in the log	What it means	What to do
   A service shows "FAILED"	That service couldn't start — usually a configuration problem.	Go to the relevant Settings page and check the configuration for that service.
   "Licence" error	A feature requires a licence that's missing or expired.	Check with your Anteklab contact about your licence status.
   "Resource missing"	A resource (like FTP or HTTP) isn't activated.	The resource needs to be enabled — see the relevant how-to section.

Forward logs to a central SYSLOG server

Goal: You already run a central log collector (Graylog, rsyslog, Splunk, Wazuh, or a plain syslogd server) for all your network equipment. You want the Abilis to stream its events — logins, failed authentications, VPN state changes, alarms, resource restarts — to that collector so they sit alongside logs from everything else.

What you need before you start: the IP address of your syslog server (for example 192.168.0.100). The server must be reachable from the Abilis and must accept inbound UDP on port 514 (the SYSLOG default).

1. Go to Networking > Settings > Ports and check that a SYSLOG resource is present. If not, click New + and add one.
2. Open the SYSLOG resource and set:
   • Active: ticked.
   • Hostname: the name this Abilis will use to identify itself to the server. If you have already set a device name (see Change the Abilis device name), use the same value here.
   • Receiver 1: the IP address of your syslog server (e.g. 192.168.0.100).
   • Receiver 2 / 3 (optional): additional servers if you want redundant logging.
3. Click Save.
4. A system restart is required to bring the SYSLOG resource online — see Restart the Abilis.
5. Verify on your syslog server that messages from the Abilis are arriving. On a Linux syslog server the quickest check is tail -f /var/log/syslog | grep <abilis-hostname>.

Activate the FTP server

Goal: Enable the FTP server so you can upload and download files (firmware packages, audio messages, backups) using an FTP client like FileZilla. (e.g. FileZilla, WinSCP, or the file manager built into Windows and macOS).

Step 1 — Check if FTP is already active

1. Go to Networking > Settings > FTP.
2. If you see the FTP settings form, the resource is already active — skip to Step 2.
3. If the tab shows "Service missing", the FTP resource needs to be activated first. This is a one-time setup that requires access to the Abilis control program (CLI).

Step 2 — Configure FTP settings

Once the FTP resource is active, the Settings > FTP tab shows:

1. Make sure Enabled is ticked.
2. Review the default settings:
   • Local TCP control port: 21 (standard FTP port).
   • Local TCP data port: 20 (standard).
   • Maximum number of simultaneous FTP clients: 6 (increase if needed).
   • Maximum number of simultaneous SSL FTPS clients: 2 (for encrypted connections).
   • Authorised hosts to use this FTP (IPSRC): 127.000.000.001 means localhost only. Change to 000.000.000.000 to allow connections from any LAN device, or enter a specific IP.
   • List of hosts authorised to use this FTP (IPSRCLIST): select a list (e.g. FTPru) to restrict access to known IPs.
3. Click Apply Changes.

Step 3 — Enable FTP per user

1. Go to Administration > Users Management, click a user.
2. Go to the Privileges > Network tab.
3. Tick FTP Enabled and optionally set an FTP home directory.
4. Click Save.

Create a list (IP addresses, phone numbers, etc.)

Goal: Create a reusable list of IP addresses, phone numbers, or domains that you can reference in firewall rules, call routing, or other settings — instead of entering the same values in multiple places. referenced by firewall rules (ACL), NAT rules, DNS filtering, and other features.

1. Go to Tools > Lists.
2. Click Add a new list +.

3. Fill in:
   • Name: a short identifier (e.g. Office_IPs). Used when referencing the list in quotes in ACL/NAT rules.
   • Description: a human-readable label (e.g. "office IP addresses").
   • Type: what kind of entries the list holds (IP, IR, FQDN, UNUM, etc.).
   • Editable: No (read-only) or Yes (can be modified later).
4. Click Save.
5. The list appears in the table. Click on it to add entries.

Change or reset another user's password

Goal: An employee has forgotten their password and can no longer log into the Abilis web interface, or you want to change a user's password for security reasons. As an administrator, you can set a new password for any user.

1. Go to Administration → Users Management. Click the Administration icon in the sidebar, then Users Management. You will see the list of all user accounts.
2. Click on the user whose password you want to change. Their settings page will open.
3. Find the password field. Under Basic Parameters, look for the Password field. It will be masked (shown as dots).
4. Type the new password. Clear the field and type the new password. Choose something the user can remember, but not obvious — at least 8 characters mixing letters and numbers is recommended.
5. Save. Click Apply Changes.
6. Tell the user. Let the employee know their new password. They should change it to something personal after their first login by going to Tools → Password (if available) or asking you to update it again.

Temporarily disable a user account without deleting it

Goal: A colleague is on extended leave, an employee is between roles, or a contractor has finished a short engagement. You want to stop them logging in or receiving calls — immediately — but not destroy the account, its recent-calls history, address book, and preferences. When they come back, or when the audit is done, you want to re-enable it in one click.

1. Go to Administration > Users Management.
2. In the user list, find the row of the person you want to disable.
3. Untick the Active checkbox on that row.
   • The account immediately stops accepting logins (web, SIP, SSH).
   • Any SIP phone registered under that user un-registers on its next keep-alive.
   • Calls to the user's extension go to the configured no-answer destination (voicemail, group, or a busy signal) depending on existing CTI routings.
4. Click Save.
5. When the person returns, repeat the steps and tick Active again. Everything — password, extension number, privileges, address book, recordings — is still there and works as before.

Check who is currently logged into the Abilis

Goal: You want to know which users or devices are currently connected to the Abilis — for example, to check if someone is using a shared account, or to verify that a VPN connection is active.

1. Go to Administration → System. Click the Administration icon, then System.
2. Open the General Parameters tab. This page shows basic system information including active sessions.
3. Review the information. You can see the current firmware version, uptime, and active connections. If you suspect unauthorized access, check the recent login activity and compare it against your known users.