• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

SIP ALG dectection failed, single port 9000 full cone test failed

Status
Not open for further replies.

Simon Dulwich

Free User
Joined
Jun 12, 2018
Messages
31
Reaction score
1
I have installed 3CX on to multiple Windows 2016 Servers all behind a sonicwall but they all failed on detecting SIP ALG, and testing port 9000 full cone test failed, although all other ports pass. I have followed the 3CX sonicwall guides to the letter, I have modified them to suggestions made by others on these forums but nothing makes my firewall check go green. I saw back in Dec 18th 2018 that there was an issue on 3CX side for SIP ALG, is this the case today?

Any help / suggestions please.
 
Could this be due to having multiple servers on the same external IP?
 
Sorry for confusion, all servers are in different locations, Sao Paulo/London/China/Spain

I have followed the guide.
 
Hello @Simon Dulwich

I do not see an issue with the SIP ALG detector on our side as i run a couple of firewall tests and those were successful. Also the fact that only one port is failing the test is pretty strange. You could check the configuration with wireshark as explained in the following guide and see where this is failing. https://www.3cx.com/docs/firewall-checker/
 
I am not familiar with SonicWalls but just a suggestion on the off chance.

Some Firewall/Router brands have the requirement to disable such settings on the CLI (command line) also - might be worth looking at if you hit a dead end.

Additionally it maybe worth checking your Windows servers hosting 3CX and if turned on try disabling the local Windows Firewall(s) also. Whether such a thing would give you this error I would doubt but it has been an area that has caused firewall-like issues in the past.
 
Yes tried using wireshark but nothing obvious, will have to look further into it.

Might try again with a blank firewall and setup from scratch might be other policies/rules conflicting with the new 3CX rules I've created.

Will also look at Windows firewall, won't hurt to try turning it off. Thanks for the suggestions.
 
Capture.PNG Test failed on port 9000...9398
 
Are you using a sonicwall firewall?

Exactly same issue I have.
no ! i used PaloAlto firewall i tried to configured it everytime but can't resolve my issue
 
Last edited:
If I enable SIP Transformation which is not recommended I get successful port for port 9000. Why would enabling SIP transformation resolve port 9000?

Is the failing of SIP ALG my firewall issue, or that it can't contact the 3CX server to test my SIP ALG setup?

upload_2019-1-25_8-53-1.png

upload_2019-1-25_8-53-36.png
 

Attachments

  • upload_2019-1-25_8-48-9.png
    upload_2019-1-25_8-48-9.png
    7.3 KB · Views: 4
no ! i used PaloAlto firewall i tried to configured it everytime but can't resolve my issue
Your results suggest that SIP ALG is enabled on your firewall so you need to figure out how to disable that to pass the firewall checker.
 
If I enable SIP Transformation which is not recommended I get successful port for port 9000. Why would enabling SIP transformation resolve port 9000?

Is the failing of SIP ALG my firewall issue, or that it can't contact the 3CX server to test my SIP ALG setup?
From your screenshot it seems that the firewall checker fails to check for SIP ALG and that is why it is failing. If SiP ALG was detected you would get the message "detected" along with a value. Are you blocking any outbound traffic from your network?
 
Your results suggest that SIP ALG is enabled on your firewall so you need to figure out how to disable that to pass the firewall checker.

It is disabled.
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,629
Messages
748,931
Members
144,741
Latest member
Boykins_54
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.