3CX Oneway Audio Issue with WatchGuard x750e

Discussion in '3CX Phone System - General' started by xchen, Sep 25, 2014.

Thread Status:
Not open for further replies.
  1. xchen

    Joined:
    Aug 1, 2014
    Messages:
    8
    Likes Received:
    0
    Hi all,

    I can't get it working with WatchGuard x750 firewall box for 3CX phone system.

    We have:
    1, 3CX Phone System Server in Data Centre (Outside of Office)
    2, Some 3CX compatible phones in office

    Without any firewall policies, I was able to make calls, but only one way audio:
    Office phone calls a customer
    Office can't hear from customer
    Customer can hear

    Looks like to me makes sense, then I set up a policy to allow traffic from office to external on port 3478,5000,5060,5009,9000-9049 (TCP&UDP), still doesn't work!

    Googled, people say I should disable ALG proxy or something from WatchGuard - I don't see it is enabled in anywhere, nor I can find a place to disable it.

    Any suggestions or direction will be much appreciated!
     
  2. jpillow

    jpillow Well-Known Member

    Joined:
    Jun 20, 2011
    Messages:
    1,342
    Likes Received:
    0
    Youre very likely having a NAT issues most likely resulting from SIP ALG, if you cannot find it to disable I'd suggest you open a ticket with Watch Guard or get with someone who knows the device well as they can assist in disabling SIP ALG for you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. tsukraw

    tsukraw New Member

    Joined:
    Mar 9, 2012
    Messages:
    190
    Likes Received:
    6
    xchen,
    I have dozens of WG units setup with 3CX systems. Would gadly give you a hand with it.

    1) Do you have multi-wan or just a single WAN connection?

    Here is what you need. Upgrade to a XTM515 appliance :) Just kidding

    two policies.

    Policy 1 Custom policy Ports: 5060/5090/5000/9000-9049 (Be sure to have good admin password 5000 opens mgmt from outside)
    From:ANY
    TO: NAT ANY-External -> Private IP of 3CX server.
    Enable logging on the policy

    Policy 2 - ANY PORT
    From: Private IP of 3CX server. (Not a NAT jus the 192.168.x.x or whatever the internal is of the 3CX)
    TO: ANY-External
    Enable logging on the policy

    Make sure these 2 policies are at the top of the WG policy list.
    If you cannot move them take the policy manager out of auto-order under View menu.

    Any questions on this shoot me a PM with your email address.
    Id be more then happy to help you get this configured if you got any questions
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. xchen

    Joined:
    Aug 1, 2014
    Messages:
    8
    Likes Received:
    0
    Hi mate,

    Thanks so much for your reply. I have just sent you a private message.

    I think in my case is the IP Phones who are behind the WG firewall, the 3CX Phone server is actually exposed to WWW.

    And for some reason, I only get one way audio on those Phones.

    Help. Thanks!!
     
Thread Status:
Not open for further replies.