In this post we describe the basic configuration of a TechniColor router for use with 3CX Phone System.
In general TechniColor is known to work correctly and can be used as a gateway in front of a 3CX Phone System to connect VoIP Providers, Direct Remote Extensions (STUN) and 3CX Tunnel connections.
The status of this type of firewall is: Supported
Nat Type: Not Tested
Firewall configuration will never be carried out by the 3CX Staff, and must be made by the System Administrator of the company. You must understand the risk of opening ports to the World Wide Web. Read https://www.3cx.com/blog/docs/securing-hints/ for more information and agree with the terms stated. The provided guide is based on the best known effort to configure the device(s). 3CX is not liable for any misconfiguration that may be made using this guide.
Start a web browser and open the web management console of the Technicolor.
- Navigate to “Advanced” > “Forwarding”.
- To determine which ports need to be opened, see this link: https://www.3cx.com/docs/firewall-router-configuration-voip/. As the ports may depend on the version you are using refer to the admin manual for the fully updated port list.
- Click “Create IPv4” to add your rules. This example shows you how to add NAT rules for the default SIP port, 3CX Tunnel port, and Audio (RTP) & WebRTC port range.
- After adding your rules, navigate to “Advanced” > “Options” and uncheck the “SIP” option from the NAT ALG Status list
Run the 3CX Firewall Checker to validate the setup from the 3CX Management Console “Settings” > “Firewall Checker”. All tested ports must return green / working.
Note: If you use this firewall in a remote location, in front of an STUNed IP Phone, the appropriate NAT rule to the internal IP Phone MUST be added. Due to the dynamic NAT, the audio port opened will change and not match the port (5060) resolved and sent in the invite to 3CX Phone System.