3cxphone clients behind modem and firewall

Discussion in 'Windows' started by 3cxisti, Dec 27, 2014.

Thread Status:
Not open for further replies.
  1. 3cxisti

    Joined:
    Dec 11, 2012
    Messages:
    24
    Likes Received:
    0
    Hi,

    we have here four 3cxphone clients behind a pfSense firewall.
    They work with 3cxtunnel. In this case only one port has to be opened...

    Can somebody tell me which ports have to be opened for the comversations?

    My 3cxphone (for windows) have the following settings:

    "general network settings"

    RTP Ports: 40000-40049 (UDP)
    Local SIP Port: 5060 (UDP)
    Tunnel: 5090 (UDP)

    For this reason I think all the ports have to be opened for both directions: LAN & WAN

    Am I right?

    Because of the NAT 5090 or 5060 has to be forwarded to the LAN-Client. How can I however made it, if there are more clients?

    The pfSense-Router is behind an SFR Modem. The port 5090 has for this reason to be routed from the modem to the Router, does not it?

    Thanks a lot for your help.

    I.
     
  2. ian.watts

    ian.watts Active Member

    Joined:
    Apr 8, 2011
    Messages:
    532
    Likes Received:
    0
    If "conversations" means "chat" as well as other presence features, they are web-driven features.. you will need to open/forward 5000 TCP for those.

    The other ports you describe are for the voice calls (SIP) and streams (RTP).

    The voice components can be tunneled, the presence components cannot (yet?.. future feature?..).
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,732
    Likes Received:
    277
    I'm not clear on whether this means that they do, or don't currently work for you.

    Common practice, when the use of the tunnel is desired for more than one phone at a remote location, is to employ the 3CX SBC. http://www.3cx.com/docs/3cx-tunnel-session-border-controller/ That sets up a single Tunnel connection able to handle multiple sets. I can see some issues arising if you have multiple sets, each attempting to connect to the PBX over the same port (5090). I would think that the remote router would have a problem, in the same manner, as assigning port 5060 to each set when not using the tunnel.
     
Thread Status:
Not open for further replies.