Can you post more details about your setup? Is the 3CX on your local network, how you NAT your LAN, etc.? Are you experienced with Mikrotik configuration?
I'm using Mikrotik in several of my implementations and I'm not experiencing any problems, so most probably you have not configured your firewall correctly.
Generally you need to do the following:
1. Accept in firewall filter rules remote requests to ports used by 3CX, where 'protected_host' list contains the address of the 3CX (both public and local).
/ip firewall filter
add action=accept chain=forward disabled=no dst-address-list=protected_host \
dst-port=5060,5090,9000-9049 protocol=udp
add action=accept chain=forward disabled=no dst-address-list=protected_host \
dst-port=5090,5000,3389 protocol=tcp
2. In NAT configuration you need some rules like the following (assuming '192.168.88.88' is the local address of the 3CX and 'ether1' is the internet interface):
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=9000-9049 in-interface=\
ether1 protocol=udp to-addresses=192.168.88.88
add action=dst-nat chain=dstnat disabled=no dst-port=5060,5090 in-interface=\
ether1 protocol=udp to-addresses=192.168.88.88
add action=dst-nat chain=dstnat disabled=no dst-port=5090,5000,3389 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.88
add action=masquerade chain=srcnat disabled=no src-address=192.168.88.0/24
Note that port 5000 is used for configuration of 3CX and 3389 for Windows Remote Desktop -- you may decide not to make them available from outside.
You could also try switching off the SIP ALG in the IP | Firewall | Service Ports | SIP menu of the Mikrotik. This can be useful if STUN is not resolved correctly (and is also recommended in the 3CX documentation; nevertheless, I think 3CX works fine with SIP ALG active, at least in my experience). STUN may not be compatible with symmetric NAT configurations in some cases.
Have a look also at the related post (Remote attacks) -
http://www.3cx.com/forums/remote-attacks-17957.html -- I've posted some comments on Mikrotik application as firewall.
Regards,
Orlin.
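
Added example, not part of the original post: a Python check that reads a RouterOS export such as the NAT rules above and lists dst-nat rules that forward the two ports the post names as optional to expose (5000 and 3389) without any source restriction. The function names are this example's own, and the sample input is the post's rules reassembled as an export.

```python
import re
import shlex

# Constructed sample: the NAT rules from the post, laid out as a RouterOS export.
SAMPLE_EXPORT = r"""/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=9000-9049 in-interface=\
ether1 protocol=udp to-addresses=192.168.88.88
add action=dst-nat chain=dstnat disabled=no dst-port=5060,5090 in-interface=\
ether1 protocol=udp to-addresses=192.168.88.88
add action=dst-nat chain=dstnat disabled=no dst-port=5090,5000,3389 \
in-interface=ether1 protocol=tcp to-addresses=192.168.88.88
add action=masquerade chain=srcnat disabled=no src-address=192.168.88.0/24
"""

# Ports the post flags as optional to publish (3CX configuration, RDP).
MGMT_PORTS = {5000: "3CX configuration", 3389: "Windows Remote Desktop"}

def parse_rules(export):
    """Join backslash-continued lines; return each 'add' line as a dict."""
    joined = re.sub(r"\\\r?\n[ \t]*", "", export)
    return [dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
            for line in joined.splitlines() if line.startswith("add ")]

def expand_ports(spec):
    """Expand a dst-port value such as '5090,5000,3389' or '9000-9049'."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def exposed_mgmt(export):
    """List (port, protocol, target) for management ports forwarded from any source."""
    findings = []
    for r in parse_rules(export):
        limited = "src-address" in r or "src-address-list" in r
        if r.get("action") != "dst-nat" or r.get("disabled") == "yes" or limited:
            continue  # not a live port forward, or already limited by source
        for port in sorted(expand_ports(r.get("dst-port", "")) & set(MGMT_PORTS)):
            findings.append((port, r.get("protocol"), r.get("to-addresses")))
    return findings

if __name__ == "__main__":
    for port, proto, target in exposed_mgmt(SAMPLE_EXPORT):
        print(f"{proto}/{port} ({MGMT_PORTS[port]}) forwarded to {target} from any source")
```

The check treats a rule as limited only when it carries `src-address` or `src-address-list`; negated port matches are not handled.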