
3cx and fortinet firewalls

Discussion in '3CX Phone System - General' started by m.nigg, Apr 21, 2008.

Thread Status:
Not open for further replies.
  1. m.nigg
    hi there,
    I finally succeeded in configuring my fortigate (50a, 50b, 60a, 60b) firewall to work with 3cx (this explains it if nothing has been done yet):
    1) update to the latest firmware - best v3.0 mr6
    2) go to "firewall - protection profile" and make a new profile, e.g. "sip"
    3) in that profile only activate "voip - sip"
    4) go to "virtual ip" and create an entry named "server sip" with settings "external - static nat - your external static ip (e.g. 80.120.12.5) - mapped internal ip of 3cx server (e.g. 192.168.1.100) - activate port forwarding - udp external 5060 - map to 5060" and do the same using "tcp" instead of "udp"
    5) go to "policy" and add a rule "external - all - internal - 3cx-server (e.g. 192.168.1.100) - always - service SIP and 5090 (for tunnel if used) - accept - protection profile sip"; if you have rules for all incoming, you have to place that rule before them, so fortinet uses that rule for 5060 and 5090
    6) add one more rule "internal - all (or 3cx-server) - external - all - always - service SIP - accept - protection profile sip" and important: place that as the first outgoing rule, just before e.g. internal-all-external-all-all, so fortinet uses that rule for 5060 and 5090 with protection profile "sip"
    normally it should work now - nevertheless, the firewall test shows me errors for ports 9000-900x, but it works fine ...

    remember:
    - backup your settings before changing
    - and everything at your own risk
    sorry!

    regards
    marty
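
Steps 5 and 6 depend on the firewall using the first matching policy from the top, so a broader rule placed above the SIP rule takes the traffic without the "sip" protection profile. The following is an added example, not part of the original post and not Fortinet or 3CX code: a small model of first-match evaluation that reports SIP flows shadowed by an earlier rule. The policy names, the `Policy` structure and the remote address 203.0.113.10 are assumptions made for illustration; the ports and the 192.168.1.100 address are the ones used in the post.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:                      # hypothetical model of one policy row
    name: str
    src_if: str
    dst_if: str
    dst_addr: str                  # "all" or a single IP
    ports: frozenset               # empty set models service "ANY"
    profile: Optional[str]         # protection profile, None if unset

def first_match(policies, src_if, dst_if, dst_ip, port):
    """Return the first policy, top to bottom, that matches the flow."""
    for p in policies:
        if (p.src_if == src_if and p.dst_if == dst_if
                and p.dst_addr in ("all", dst_ip)
                and (not p.ports or port in p.ports)):
            return p
    return None

# Flows from the post: inbound SIP and tunnel to the PBX, outbound SIP.
PBX = "192.168.1.100"
FLOWS = [("external", "internal", PBX, 5060),
         ("external", "internal", PBX, 5090),
         ("internal", "external", "203.0.113.10", 5060)]  # constructed peer

def shadowed_sip_flows(policies, profile="sip"):
    """List (src_if, port, policy) for flows that miss the SIP profile."""
    problems = []
    for src_if, dst_if, ip, port in FLOWS:
        hit = first_match(policies, src_if, dst_if, ip, port)
        if hit is None or hit.profile != profile:
            problems.append((src_if, port, hit.name if hit else None))
    return problems

# Constructed sample rule sets.
sip_in = Policy("sip-in", "external", "internal", PBX,
                frozenset({5060, 5090}), "sip")
sip_out = Policy("sip-out", "internal", "external", "all",
                 frozenset({5060}), "sip")
any_in = Policy("incoming-all", "external", "internal", "all",
                frozenset(), None)
any_out = Policy("outgoing-all", "internal", "external", "all",
                 frozenset(), None)

GOOD_ORDER = [sip_in, any_in, sip_out, any_out]   # order the post asks for
BAD_ORDER = [any_in, sip_in, any_out, sip_out]    # SIP rules shadowed

if __name__ == "__main__":
    print(shadowed_sip_flows(GOOD_ORDER))
    print(shadowed_sip_flows(BAD_ORDER))
```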
     