3cx sip alg failed

Discussion in '3CX Phone System - General' started by Doctor Rob, Mar 28, 2018.

Thread Status:
Not open for further replies.
  1. Doctor Rob

    Joined:
    Mar 28, 2018
    Messages:
    11
    Likes Received:
    0
    Just an.. maybe someone can help with this. The more recent version of 3cx (I am on current 15.5.9348.3 version) now fails the firewall test for the SIP ALG. I have tested with 3rd party firewall checkers and they report all is AOK. This is a more recent issue with the latest version of 3cx.. Previous to updating 3cx it always passed the check for the SIP ALG. Now with the current one it does not work (phones seem to work just fine and normal.. but having the firewall test failed in red bothers me).. Is there a workaround to get this fixed or is it a known issue with the firewall tester now? OH and FYI the SIP ALG tester I used I have to turn off 3cx on the system to run it and it passes without issue.. If I try and run it with 3cx running the SIP ALG detector program fails as 3cx is using the interface or port or something.
     
  2. Saqqara

    Saqqara Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    1,249
    Likes Received:
    202
    What version of firewall?
     
  3. Doctor Rob

    Joined:
    Mar 28, 2018
    Messages:
    11
    Likes Received:
    0
    I use the USG PRO 4 from Ubiquiti Networks and I know the SIP ALG is off being I can test that with other tools. It's only the 3cx system that states it fails the test. All the other tests show it passes with it being off. (I tried turning it on as well just to see)
     
  4. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,379
    Likes Received:
    84
    The 3CX SIP ALG check has 3 statuses:
    • Detected
    • Not Detected
    • Failed
    Which exact one does it report on your system?

    To check why the 3CX SIP ALG checker has failed, you would need to run a packet capture on the Ubiquiti firewall, and if you don't want to run an un-filtered capture, then you need to capture the traffic involving these 3 IPs:
    • The LAN IP of the 3CX Server
    • The WAN IP that 3CX exits from
    • The IP of the SIP ALG Server which is 151.80.125.98
    If you want me to check the capture I would need you to:
    1. Start capturing on the USG PRO 4 (not on the 3CX Server). Filtered or un-filtered does not matter for me.
    2. Run the Firewall Checker from the 3CX Management Console.
    3. Wait until it all finishes.
    4. Stop and save the capture.
    What you are looking for are the SIP messages that left from the LAN, and check if they were in any way changed when leaving the WAN.

    If you want me to have a look at it, upload the capture to a file sharing site of your choice and PM me the download link.
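
The LAN-versus-WAN comparison described in the post above, as an added example that is not part of the original thread and not 3CX's own tooling. It assumes the SIP payloads have already been exported as text from the two sides of the capture; the sample messages, addresses, the `checker.example` host and the result labels are constructed for illustration and are not the Firewall Checker's statuses.

```python
from itertools import zip_longest

# Compact SIP header names (RFC 3261) expanded so both sides compare equal.
COMPACT = {"v": "via", "m": "contact", "i": "call-id", "f": "from", "t": "to", "l": "content-length"}

def lines(raw):
    """Normalise one SIP message to a list of lines: start line, headers, SDP body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    first, *hdrs = head.split("\n")
    out = [first]
    for h in hdrs:
        name, _, value = h.partition(":")
        name = name.strip().lower()
        out.append(f"{COMPACT.get(name, name)}: {value.strip()}")
    return out + [l for l in body.split("\n") if l]

def key(raw):
    """Call-ID plus CSeq identify the same request on both sides of the NAT."""
    hdr = dict(l.split(": ", 1) for l in lines(raw)[1:] if ": " in l)
    return hdr.get("call-id"), hdr.get("cseq")

def compare(lan_msgs, wan_msgs):
    """Per LAN message: 'unchanged', 'missing_on_wan', or the (lan, wan) line pairs that differ."""
    wan = {key(m): lines(m) for m in wan_msgs}
    report = {}
    for msg in lan_msgs:
        k, lan = key(msg), lines(msg)
        if k not in wan:
            report[k] = "missing_on_wan"   # never left the WAN, e.g. destination blocked
        elif lan == wan[k]:
            report[k] = "unchanged"        # NAT touched only the IP/UDP header
        else:                              # payload rewritten in transit (ALG behaviour)
            report[k] = [(a, b) for a, b in zip_longest(lan, wan[k]) if a != b]
    return report

def sample(call_id, host):
    """Constructed OPTIONS request; host is the address written into Via and Contact."""
    return (f"OPTIONS sip:checker.example SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {host};branch=z9hG4bK-{call_id}\r\n"
            f"Call-ID: {call_id}@pbx\r\nCSeq: 1 OPTIONS\r\n"
            f"Contact: <sip:test@{host}>\r\nContent-Length: 0\r\n\r\n")

# Constructed captures: a1 is rewritten, a2 never reaches the WAN, a3 passes untouched.
LAN = [sample(c, "192.168.1.10:5060") for c in ("a1", "a2", "a3")]
WAN = [sample("a1", "203.0.113.5:1024"), sample("a3", "192.168.1.10:5060")]

if __name__ == "__main__":
    for k, result in compare(LAN, WAN).items():
        print(k, result)
```

A message whose Call-ID itself is rewritten in transit will show up as `missing_on_wan`, so check the raw WAN capture before concluding it was dropped.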
     
  5. Doctor Rob

    Joined:
    Mar 28, 2018
    Messages:
    11
    Likes Received:
    0
    AHH! that was the issue.. it was simply the IP that you guys use was put on the block list!.. any other IPs 3cx uses I should be aware of just to be sure they are not put on a block list with our firewall?

    THANK YOU!!
     
  6. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,379
    Likes Received:
    84
    What is listed in the presentation found here: https://www.3cx.com/3cxacademy/videos/basic/installing/ (slide 10).

    Then after that, for the Firewall Checker:
    • sip-alg-detector.3cx.com (the one I gave you)
    • All the IPs stun.3cx.com resolves to and their +1s, so:
      • 151.80.125.93-151.80.125.94
      • 151.80.125.107-151.80.125.108
      • 158.69.11.6-158.69.11.7
      • 158.69.11.8-158.69.11.9
    I can't think of anything else. :)
     
  7. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,153
    Likes Received:
    170
    We will check - now it is up.. You can continue working.
     
  8. Doctor Rob

    Joined:
    Mar 28, 2018
    Messages:
    11
    Likes Received:
    0
    Thank you again!
     
  9. coastlinetech

    Joined:
    Mar 21, 2018
    Messages:
    4
    Likes Received:
    0
    Nick, this is also happening to one of our clients all of a sudden too. They are using a Sonicwall TZ300 firewall and everything is configured correctly. The status comes back as failed for detecting SIP ALG. Everything else passes, phones still functioning normally with zero issues. I have PM'ed you the download link to my capture along with relevant IPs.

    Thanks.
     