3CX in the DMZ or across VPN? Use the SBC to provision only

Discussion in '3CX Phone System - General' started by dan_tx, Jan 24, 2017.

Thread Status:
Not open for further replies.
  1. dan_tx

    dan_tx New Member

    Joined:
    Nov 3, 2016
    Messages:
    100
    Likes Received:
    27
    Just dropping this here in case anyone else faces this issue. We deployed 3CX in the DMZ zone since all servers that are public facing are required to go there. The rules would allow direct access from the LAN across the needed ports for phone calls, etc.

    One issue that came up was provisioning the phones. All options required extensive manual work unless you have the phones on the same subnet as the server or an SBC was involved. The problem is that we would not want the phones to use the SBC since they have direct access to the 3CX server in the DMZ zone on the ports they need. Plus the SBC cannot support all the phones and creates another point of failure that we would prefer to avoid.

    The solution was to deploy an SBC to identify via broadcast traffic the phones in 3CX, then when provisioning simply switch the type of provisioning from using the SBC to the local LAN. Phone reboots and is provision properly without having to resort to manual provisioning or DHCP.

    I would think this would work in VPN scenarios as well or any situation where the phones can access the LAN IP of the 3cx server, but due to networking configuration the multicast traffic can't reach it.
     
    #1 dan_tx, Jan 24, 2017
    Last edited: Apr 5, 2017
  2. JCarnes

    Joined:
    Apr 25, 2016
    Messages:
    24
    Likes Received:
    2
    Good info as we are considering this very scenario for our organization!
     
Thread Status:
Not open for further replies.