Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

3cx VoIP phone remote connection with SonicWall

Discussion in 'Windows' started by neuse, Oct 15, 2011.

Thread Status:
Not open for further replies.
  1. neuse

    Joined:
    May 27, 2010
    Messages:
    6
    Likes Received:
    0
    I installed my first 3cx system and have static IP with DNS sip.domain.com and am having trouble getting remote connection to occur for 3cx VoIP phone. It works fine on LAN. I use SonicWall and *believe* I have proper ports open yet defer to those that have done it before to advise regarding the following settings:

    firewall checker port list:
    UDP SIP port 5060
    TCP SIP port 5060
    TCP Tunnel port 5090
    RTP Ports range 9000-9049 -> UDP

    However, http is *not* forwarded. So, if http://sip.domain.com:5000/provisioning/TcxProvFiles/3cxProv_111009133102_102.xml is required for autoprovisioning, shouldn't I open up port 80 to let http flow, or is there a security risk that would want one to autoprovision only from the LAN?

    Is "Use 3cx tunnel" the preferred embodiment? I have that checked along with the "I am out of the office - use external IP" thingie. No connection thus far. Any advise for a newbie? I sold my first system and am trying my best to eat my own dog food and get things going before the client installation.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    You don't need to open port 80, instead of this open port 5000, if you want to use myphone from remote locations, etc.
    3cx tunnel is not providing any encryption / security. It deals only with NAT issues.

    You need to open also UDP port 5090 for 3cx tunnel to operate (if your list is correct).

    If you need greater security use some VPN router solution (recommended). MikroTik routers could be a nice choice -- powerful and inexpensive. You may set IPsec or OpenVPN relatively easy.

    To use SIP with SonicWall you need special setup to allow. As far as I know SIP is blocked by default in some SonicWall models. This could be the reason for not succeeding in registration / operation of remote extensions. Run also the 3cx firewall checker to see whether the SonicWall is not blocking your 3cx phonesystem.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. neuse

    Joined:
    May 27, 2010
    Messages:
    6
    Likes Received:
    0
    firewall checker passed. i opened port 5000 udp and tcp as well as 5090 udp. no love.

    http://localhost:5000/provisioning/TcxProvFiles/3cxProv_111009133102_102.xml

    resolves yet not with sip.domain.com instead of localhost.

    what special settings have folks seen with SonicWall?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. eagle2

    eagle2 Well-Known Member

    Joined:
    Apr 27, 2011
    Messages:
    1,085
    Likes Received:
    11
    Hi,

    for remote extensions you should use:
    http://sip.domain.com:5000/provisioning/...
    as well as for local extensions, if sip,domain.com resolves correctly to internal address of 3cx server.
    'localhost' should resolve to 127.0.0.1 which means the machine on which is resolved.

    Regarding SonicWall I tried to search the forums, but I didn't managed to find anything related.
    I had a 3CX customer using SonicWall and he was experiencing similar problems, until the company supporting his SonicWall made some changes to allow SIP and RTP traffic. Your case sounds similar, but unfortunately I can't help you with this.

    Try capturing the traffic with Wireshark -- this may give a clue.

    Regards
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. willow

    willow Member

    Joined:
    Mar 1, 2011
    Messages:
    471
    Likes Received:
    0
    make sure you enable consistant nat on the sonic wall
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. neuse

    Joined:
    May 27, 2010
    Messages:
    6
    Likes Received:
    0
    i lucked out, got in touch with Nexvortex tech support that knew SonicWall and found the error in my firewall that permited incoming SIP traffic.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. pat

    pat

    Joined:
    Feb 12, 2008
    Messages:
    34
    Likes Received:
    0
    let us know.... ;)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.