What is the Firewall Checker and why do I need it?

Introduction

The 3CX Firewall Checker checks whether the ports needed to communicate with your VoIP provider are open and properly configured with STATIC port mapping. If the Firewall Checker does not complete successfully, you will not be able to make or receive calls from a VoIP provider or external extension. Common symptoms that are linked to incorrect firewall configurations are:

  • No registrations
  • One-way audio
  • STUN problems, or incorrect resolution

The Firewall Checker can be run during the creation of a VoIP provider and from the General Settings page - Ports and Firewall Configuration sections.

Interpreting the test results

If your firewall check results contain errors or warnings, you have a problem that you will need to address. For more information on why you need to do this, check this FAQ. For sample firewall configurations check these FAQs:

There are 3 main result categories that one can encounter after performing a firewall check:

  1. Success or Informative – Passes fall in this category.
  2. Warnings – many of the errors that are not OK, and failures, fall into this group. If a firewall check passes with a warning, it may work in some setups, but problems or problematic calls are possible in certain scenarios.
  3. Failures.

Possible errors & warnings

The following are the possible errors and warnings that may occur with an explanation:

Type 0; error = the specified port is in use by another application. This means that another application is using or listening on this port.

Type 1; error = STUN server resolution failed. Please check STUN server entry and that port 3478 is open. This means that the local port could not be opened via the STUN Server. There may be a problem in communication with the STUN server. If a STUN server is not defined for checking, this error code will not show.

Type 2; error = STUN server cannot be contacted. Please check firewall configuration. The request to check the global (NAT) address (obtained from STUN) could not be sent to the Firewall Checker Agent. This issue can be generated only if a STUN server is defined for checking.

Type 3; error = STUN server is not specified or cannot be contacted. Please check the FAQ for more information. The request to check the local port could not be sent to the Firewall Checker Agent. This issue can be generated if no STUN server is defined for checking or if the STUN server returned a port different from the local one.

Type 4; error = The STUN server returned an IP which is not accessible from outside. The global address (returned by STUN) is not accessible from outside. This issue can be generated only if a STUN server is defined for checking.

Type 5; error = No STUN server was specified. Please specify a STUN server and try again. The local port is not accessible from outside. This issue can be generated only if a STUN server is not defined for checking.

Type 6; error = An incompatible NAT configuration has been detected. Please check FAQ for further information. Different NAT translation for different requests (to STUN and Firewall Checker Agent). This situation can occur if there is something wrong with NAT translation or a symmetric NAT is used.

Type 7; error = The firewall checker server service agent did not return a valid response. Please check FAQ for further information. Two responses from the Firewall Checker Agent arrived from different sources. This situation is rare. If it has occurred, then something is very wrong with NAT translation from global to local addresses.

Type 8; warning = Local port is not blocked from outside. STUN server has returned global port different from the local one, but the local port is also accessible from outside. Local port is not blocked from outside. STUN server has returned global port different from the local one, but both ports are accessible from outside.

Type 9; info = Port is open and can be used for calls. Gives information about the global (NAT) address assigned to the local port. This issue is generated only if the global port returned by the STUN server is the same as the local port, that is, no NAT translation has been performed or the port number has not been changed during NAT translation; otherwise the warning issue "10" is generated.

Type 10; error = Port is open, but port number has been changed during NAT translation. This error means you have Symmetric NAT and you do not have STATIC PORT MAPPINGS in place. 3CX Phone System will not communicate correctly with your VoIP provider or external extensions. Read more about this here.

Type 11; error = the server side of the firewall checker service is unavailable. Please try again later. Firewall Checker Agent is not accessible (no response was received from the Firewall Checker Agent server before the timeout).

Type 12; error = There was an error communicating with the firewall checker service. Please try again later. Firewall Checker Agent is not accessible (an error occurred on request sending).

Type 13; error = The machine is on a public IP. Please check the FAQ for more information. Firewall Checker Agent is not behind NAT.

Type 14; error = A request to STUN server could not be sent. This issue can be generated only if a STUN server is defined for checking. The Firewall Checker cannot send a request to the STUN server. Please check your configuration and try again later.

Type 15; error = The response from STUN server has not been received (timeout or parsing error occurred; the ‘error’ parameter contains detailed information about error). Firewall Checker did not receive a response from the STUN server due to a timeout or a parsing error. Check if a STUN server is configured and that it is reachable.
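The comparison behind Types 6, 9 and 10 can be reproduced by hand: read the NAT-assigned address out of a STUN Binding response (RFC 5389) and compare its port with the local one. The following is an added illustration, not 3CX's code; the function names, the `agent_mapping` argument (standing in for whatever the Firewall Checker Agent observes) and the sample addresses are assumptions, and the reachability probes behind Types 4, 5 and 8 are not modelled.

```python
import socket
import struct

MAGIC = 0x2112A442          # STUN magic cookie (RFC 5389)
XOR_MAPPED_ADDRESS = 0x0020

def binding_request(txid: bytes) -> bytes:
    """STUN Binding Request (type 0x0001, empty body, 12-byte transaction ID)."""
    return struct.pack("!HHI", 0x0001, 0, MAGIC) + txid

def parse_mapped(resp: bytes, txid: bytes):
    """Return (ip, port) as seen by the STUN server, i.e. after NAT."""
    if len(resp) < 20:
        raise ValueError("truncated STUN header")
    mtype, length, cookie = struct.unpack("!HHI", resp[:8])
    if mtype != 0x0101 or cookie != MAGIC or resp[8:20] != txid:
        raise ValueError("not a Binding Success response for this request")
    pos, end = 20, min(len(resp), 20 + length)
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        val = resp[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(val) == 8 and val[1] == 0x01:
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC >> 16)
            ip = struct.unpack("!I", val[4:8])[0] ^ MAGIC
            return socket.inet_ntoa(struct.pack("!I", ip)), port
        pos += 4 + alen + (-alen % 4)   # attributes are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def classify(local_port, stun_mapping, agent_mapping):
    """Map two observed mappings onto the page's result types 6, 9 and 10."""
    if stun_mapping != agent_mapping:
        return 6                      # different translation per destination
    return 9 if stun_mapping[1] == local_port else 10

def sample_response(txid, ip, port):
    """Constructed Binding Success response, used only as offline test input."""
    xip = struct.unpack("!I", socket.inet_aton(ip))[0] ^ MAGIC
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 1,
                       port ^ (MAGIC >> 16), xip)
    return struct.pack("!HHI", 0x0101, len(attr), MAGIC) + txid + attr

if __name__ == "__main__":
    txid = bytes(range(12))
    seen = parse_mapped(sample_response(txid, "203.0.113.7", 40112), txid)
    print(seen, "-> type", classify(5060, seen, seen))
```

Against a live network, the request from `binding_request` would be sent over UDP to the STUN server on port 3478 from a socket bound to the port under test, and the reply passed to `parse_mapped`.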
