Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

3CX Phone client and Watchguard (vlan)

Discussion in 'Windows' started by Don_Zalmrol, Oct 30, 2015.

Thread Status:
Not open for further replies.
  1. Don_Zalmrol

    Joined:
    Apr 25, 2012
    Messages:
    45
    Likes Received:
    0
    Hi All,

    For a while now I have 3CX up and running with my Watchguard XTM 550E.
    But for some reason I cannot get the 3CX MyPhone (soft phone client) working.

    The Watchguard is set up like this:
    1 Interface that has some VLANS (DATA and VOICE are the ones that matter).

    The voice VLAN contains the hardphones and the PBX server that connect to the outside.
    The voice IP range is 10.0.10.0/24

    The data VLAN contains the other computers and servers.
    The data IP range is 10.0.0.0/24

    I seem to have an intervlan issue that will not allow my computers from the data VLAN to connect with the PBX server in the VOICE VLAN.

    I've set up a rule that allows any-any traffic from any-trusted, any-optional and any-bovpn to connect with the PBX server and vice-versa.

    So this should work, but unfortunately it isn't.
    Could somebody help me out?

    I'm sure I'm overseeing something somewhere.

    Thanks and cheers,

    Laurens
     
  2. datamerge

    datamerge New Member

    Joined:
    Nov 19, 2014
    Messages:
    181
    Likes Received:
    25
    Hi Don

    If you have your Watchguard set correctly, it should work fine. We have no issues on any of our Watchguard sites. Is your WG up to date on firmware, being 11.10.2 U2?

    Have you run the policy checker to be sure you don't have a typo somewhere in your policy? The policy checker is a bit of a dog, but it might be worth a try.

    Are both your VLANS in the trusted zone?

    There is a checkbox in the vlan config page that mentions inter vlan checking. Can't remember the exact wording and we don't have vlans on our Watchguard here. I have always wondered what that actually does. It would appear that it determines whether inter vlan traffic even traverses the policy engine, but not sure. Maybe alter those settings and see how it goes.

    Mark
     
  3. Don_Zalmrol

    Joined:
    Apr 25, 2012
    Messages:
    45
    Likes Received:
    0
    Hi Mark,

    Both VLANS are in the trusted zone.
    The firmware is V11.3.8 as for our models it can go any higher (oldies).

    My version doesn't have an option for the inter-vlan setting.

    Seems I need to make it work through other means.

    Can I perhaps assign a virtual NIC to my 3CX PBX server and force all the softphone traffic to go over that one?

    Thanks,

    Laurens
     
  4. datamerge

    datamerge New Member

    Joined:
    Nov 19, 2014
    Messages:
    181
    Likes Received:
    25
    It should work Laurens. It is only basic http or https. The firmware is a very old version and the pre 11.5 versions were diabolical, but I bet it is a simple problem. In firewall section, check blocked ports. Watchguard has a list of blocked ports and you might just be using one. What does fsm say? Does traffic monitor show up any denies?
     
  5. Don_Zalmrol

    Joined:
    Apr 25, 2012
    Messages:
    45
    Likes Received:
    0
    Hi Datamerge,

    Blocked ports are disabled as I know it can cause issues with VOIP and other traffic.
    I do not see anything being blocked (in regard of VOIP traffic) on my watchguard.

    It's like the traffic is not going to the correct vlan or it just drops it.

    Any other things I could check?
     
Thread Status:
Not open for further replies.