What to look for when buying a router for use with VoIP & 3CX Phone System

Purchasing a router may sound like a pretty simple task. This however can become somewhat challenging when VOIP comes into play. There a couple of core functions that your choice of router needs to perform so as to simplify your configuration for use with 3CX.

Required Functionality for VoIP & 3CX

  • Port Forwarding – The device must be able to handle port forwarding from WAN to LAN without changing the port numbers.
  • Outbound Traffic Control – The PBX must be able to send outbound packets to ANY external location.
  • Static Port forwarding – As inbound traffic reaches the router, the port forwarding rule functionality must have the ability to forward packets.
  • Application Layer Gateway – An ALG or SIP ALG is also a common function on routers. However, such functionality is not always implemented in the same way across different brands and models. A SIP ALG will in any case modify the inbound and outbound traffic and will in MOST cases break the SIP exchange. We therefore STRONGLY recommend that you look for a device without a SIP ALG, or one that allows you to fully disable such functionality. Note that even though most devices provide an interface control to disable the SIP ALG functionality, the functionality sometimes still runs in the background.
  • IP based restrictions – For a proper and secure implementation, you should use a device that can allow or disallow traffic from specific IP addresses or ranges. This will allow you to stop unwanted traffic from reaching your PBX and block these unwanted connections at the WAN side of the router.
  • Optional Functionality – QOS Tagging – If the device has QOS functionality this will allow you to tag VoIP traffic to manage bandwidth utilization and ensure voice quality remains unaffected by other bandwidth intensive applications.

Links to known working routers

The following are links to guides for some routers known to work with 3CX. It is important to note that different hardware / firmware versions of the devices may generate different results. Please do not consider this an official list – lab testing and a familiarity with the device remains a pre-requisite.

Liked this article?

Get notified of new articles
or share
You might also be interested in:
  1. Thomas Vliegen

    The Zywall USG Series are working great alswell

    May 11, 2011 at 1:18 pm
  2. Hi William,

    Please review some questions that arise from the above:

    1: What happened to port 5090 (Tunnel)
    2: What about port 3478 (Stun)
    3: What about port 5481 (Webserver)
    4: Are ports 10000-10049 new (for V10?)

    Your blog is not at all in line with the (V10-)manual???

    Please can we unify between Blog(s) and Manual(s)?

    May 11, 2011 at 3:59 pm
    • @joep – The blog post relating to V10 quite clearly states that the only port that changes it the port of the web server on port 5000. All else remains the same as per the manual. Older blog articles obviously refer to older versions of 3CX.

      May 12, 2011 at 5:46 pm
  3. Daniel Brook

    I use Fortigate firewalls exclusively and have had nothing but success with them. I’ve been able to run remote Polycoms without a tunnel and easily apply traffic shaping policies to the RTP traffic.

    May 22, 2011 at 3:04 pm
  4. Raimond

    Hi Daniel,

    Would really like to talk to you about the Fortigate config you have. Can you please contact me at raimond.barbaro@synertecasia.com.


    May 25, 2011 at 1:32 pm