New Recorded Webinar on Firewall Configuration – NAT and Port Forwarding

For those of you who didn’t get the chance to watch the live webinar, we have made available the recorded NAT and Port Forwarding webinar for you to go through.

In this webinar we introduce you to the NAT and port forwarding required to allow the voice traffic to pass through the firewall and reach the PBX in each of the following scenarios

  • Connecting to a VoIP Provider
  • Connecting Remote Offices using Bridges.
  • Remote Extensions (3CXPhone)
  • Remote Extensions (IP Deskphones – Using SBC and STUN)

We also demonstrate the firewall checker, which you need to use to make sure that the port forwarding is properly configured, before proceeding to configure any of the above scenarios on the PBX.

Finally, we demonstrate the manual provisioning of a remote extension, using STUN.

Why is it important?

One of the most important factors in the setting up and configuring of a PBX is the network on which it resides. This is often overlooked, and usually not considered to be important, as traditionally, a PBX was totally independent of the corporate data network.

The network configuration is very important for the PBX, as it relies on the network to carry the voice traffic effectively and efficiently. If the network is not configured correctly, various issues with voice calls will occur. One of the most important network devices is the firewall, which is the main network protection device.

In order for the firewall to function as intended, it is important that it be configured correctly, to adequately protect the network and also allow the necessary voice traffic to enter the network and reach the PBX.

Another series of online trainings has already been scheduled so if you would like to participate in one of the live webinars all you need to do is register to the webinar of your choice. These online trainings are part of the revamped 3CX Academy where online trainings are held in an interactive and educational way using our very own, recently launched, 3CX WebMeeting.

3CX Online Trainings are becoming extremely popular. Note that places are given on a first come, first serve basis.

Liked this article?

Get notified of new articles
or share
You might also be interested in:
  1. Johan Thierry

    Nice to see this webinar, unfortunately there is nothing mentioned about the security risks involved with the setup as published in the webinar. Anybody can get the provisioningfiles from your webserver extract the usercredentials, this way anybody can abuse your 3cx system and place calls. Lately i spoke to a customer where they opened the ports and in a weekend they had a bill of almost €10000 for calling to expensive numbers.
    So please be aware of the risk of just opening your ports to the internet for remote extensions.

    September 18, 2014 at 11:23 am
  2. Hi Johan,

    Thank you for the feedback.

    There are various layers of security in the PBX which you can configure. The Firewall is only the 1st layer of security and should not be relied on to entirely secure the network and the PBX

    The specific webinar, focusses on the port forwarding required for VoIP Providers, SIP Trunks, Remote Extensions and Bridges to reach the PBX. The PBX itself has multiple mechanisms available to secure the configuration.

    First and foremost, it is recommended to use Version 12, which does have alot of security improvements over previous versions. The operating system should also be current and fully updated, so as to prevent non VoIP attacks from being implemented.

    The PBX provides the capability to block outbound calls during non office hours, so anyone trying to make calls outside of office hours, will be blocked. You can also PIN protect the outgoing calls to those people who are allowed to make outgoing calls.
    Extensions can be prevented from making outgoing calls as well, so extensions not required to do so can be prevented.
    Outbound rules can also prevent outgoing calls to unwanted destinations.
    Also, extensions which do not require to be connecting from outside of the LAN, should have this option blocked (This is the default behaviour) , as was explained in the Firewall webinar, when we allowed this specifically for the remote extension.

    The PBX also provides the capability to block outbound calls to premium numbers, as is specifically stated in another webinar for outbound calling.
    The PBX also blocks calls to outbound countries which are not required in day to day business.

    In order to find the provisioning file of the extension, the would be attacker would need to know the randomly generated provisioning folder, as well as the MAC address of the phone, and depending on the type of phone, the file which is generated.

    We have a slide presentation (webinar coming soon!) about securing the PBX in the 3CX Academy website where the security of the PBX is explained.

    September 23, 2014 at 11:29 am