[neuse]

I installed my first 3cx system and have static IP with DNS sip.domain.com and am having trouble getting remote connection to occur for 3cx VoIP phone. It works fine on LAN. I use SonicWall and *believe* I have proper ports open yet defer to those that have done it before to advise regarding the following settings:

firewall checker port list:
UDP SIP port 5060
TCP SIP port 5060
TCP Tunnel port 5090
RTP Ports range 9000-9049 -> UDP

However, http is *not* forwarded. So, if http://sip.domain.com:5000/provisioning ... 02_102.xml is required for autoprovisioning, shouldn't I open up port 80 to let http flow, or is there a security risk that would want one to autoprovision only from the LAN?

Is "Use 3cx tunnel" the preferred embodiment? I have that checked along with the "I am out of the office - use external IP" thingie. No connection thus far. Any advise for a newbie? I sold my first system and am trying my best to eat my own dog food and get things going before the client installation.

[eagle2]

You don't need to open port 80, instead of this open port 5000, if you want to use myphone from remote locations, etc.
3cx tunnel is not providing any encryption / security. It deals only with NAT issues.

You need to open also UDP port 5090 for 3cx tunnel to operate (if your list is correct).

If you need greater security use some VPN router solution (recommended). MikroTik routers could be a nice choice -- powerful and inexpensive. You may set IPsec or OpenVPN relatively easy.

To use SIP with SonicWall you need special setup to allow. As far as I know SIP is blocked by default in some SonicWall models. This could be the reason for not succeeding in registration / operation of remote extensions. Run also the 3cx firewall checker to see whether the SonicWall is not blocking your 3cx phonesystem.

Regards

[neuse]

You don't need to open port 80, instead of this open port 5000
You need to open also UDP port 5090 for 3cx tunnel to operate (if your list is correct).

To use SIP with SonicWall you need special setup to allow.

firewall checker passed. i opened port 5000 udp and tcp as well as 5090 udp. no love.

http://localhost:5000/provisioning/TcxP ... 02_102.xml

resolves yet not with sip.domain.com instead of localhost.

what special settings have folks seen with SonicWall?

[eagle2]

Hi,

for remote extensions you should use:
http://sip.domain.com:5000/provisioning/...
as well as for local extensions, if sip,domain.com resolves correctly to internal address of 3cx server.
'localhost' should resolve to 127.0.0.1 which means the machine on which is resolved.

Regarding SonicWall I tried to search the forums, but I didn't managed to find anything related.
I had a 3CX customer using SonicWall and he was experiencing similar problems, until the company supporting his SonicWall made some changes to allow SIP and RTP traffic. Your case sounds similar, but unfortunately I can't help you with this.

Try capturing the traffic with Wireshark -- this may give a clue.

Regards

[willow]

make sure you enable consistant nat on the sonic wall

[neuse]

i lucked out, got in touch with Nexvortex tech support that knew SonicWall and found the error in my firewall that permited incoming SIP traffic.

[pat]

i lucked out, got in touch with Nexvortex tech support that knew SonicWall and found the error in my firewall that permited incoming SIP traffic.

let us know....