3cx and fortinet firewalls

Discussion in '3CX Phone System - General' started by m.nigg, Apr 21, 2008.

Thread Status:
Not open for further replies.
  1. m.nigg

    Jun 26, 2007
    Likes Received:
    hi there,
    i finally successed to configure my fortigate (50a, 50b, 60a, 60b) firewall to work with 3cx (explains if nothing has been done yet):
    1) update to the last firmware - best v3.0 mr6
    2) go to "firewall - protection profile" and make an new profile e.g. "sip"
    3) in that profile only activate "voip - sip"
    4) goto to "virtual ip" and create an entry named "server sip" with settings "external - static nat - your external stat ip (e.g. - mapped internal ip off 3cx server (e.g. - activate port forwarding - udp external 5060 - map to 5060" and do the same using "tcp" instead of "udp"
    5) go to "policy" and add a rule "external - all - internal - 3cx-server (e.g. - always - service SIP and 5090 (for tunnel if used) - accept - protection profile sip"; if you have rules for all incoming, you have to place that rule before, so fortinet uses that rule for 5060 and 5090
    6 ) add one more rile "internal - all (or 3cx-server) - external - all - always - service SIP - accept - protection profile sip" and important: place that as first outgoing rule just before e.g. internal-all-external-all-all; so fortinet uses that rule for 5060 and 5090 with protection profile "sip"
    normally now it should work - never the less, the firewall test shows errors to me for ports 9000-900x but it works fine ...

    - backup your settings before changing
    - and everything on your own risk

Thread Status:
Not open for further replies.