Best Router for 3CX VOIP

Discussion in '3CX Phone System - General' started by casualmikey, Jul 24, 2013.

Thread Status:
Not open for further replies.
  1. casualmikey

    Joined:
    Jul 24, 2010
    Messages:
    21
    Likes Received:
    0
    Hi all,

    I would like to know which router works well with VOIP. I have read the article for what to look for, static port mapping, no ALG, etc. but many routers have that feature that can be disabled. I am looking for a security appliance, one with intrusion prevention, anti-virus, DPI, LAN/DMZ zones, SSL VPN.

    I actually purchased the SonicWall TZ-210 and after spending hundreds of dollars on support and a 1 year subscription to services, the darn thing does not work. The router changes the incoming port to some random port and it does not make it through the firewall. Sonicwall states it is the issue with the VOIP provider (Nexvortex).

    Sonicwall provided evidence that the destination ports of the packet was some random port and that the firewall was just forwarding to that destination port. Nexvortex adamantly denies this and states the source and destination are same. I agree with Nexvortex as my current simple router works fine with only SIP and media ports forwarded.

    I have tried every advise possible, even the documentation from 3CX on how to configure the TZ-210 (to force the static port mapping by providing outbound NAT policies, etc.) The SonicWall router is erratic at best.
    -------------------------------------------------

    So to make a long story short, I'm going to trash the TZ-210, write a scathingly bad review of the product and purchase another router.

    I am looking at a similarly priced UTM router, Zyxel USG200, Drayteck Vigor 2960, or WatchGuard XTM 33. I hear Fortinet 60C is a little clunky.

    Thanks in advance for advise

    Mike
     
  2. tom_ch

    Joined:
    Jul 6, 2011
    Messages:
    69
    Likes Received:
    0
    Hi

    I have made good experience with all Zywall USG models.

    The Fortigate works well too, but you have to disaable SIP-ALG through the CLI --> http://www.3cx.com/blog/voip-howto/fortigate-80-alg/
     
  3. jpillow

    jpillow Well-Known Member

    Joined:
    Jun 20, 2011
    Messages:
    1,342
    Likes Received:
    0
    I'm going agere with your VoIP provider and say the issue is with your router, I've many clietns using SonicWalls with no issues though one has the issues you described. I also experienced it with some lower end cisco routers before the sonicwall I simly moved to the Ciscop RV042 issue resolved. Good luck I hope you find something that works for you
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. complex1

    complex1 Active Member

    Joined:
    Jan 25, 2010
    Messages:
    752
    Likes Received:
    38
    Hi,

    I am using different types of Draytek routers without any problem. (cable or ADSL)
    They are easy to configure and do not change incoming ports.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. casualmikey

    Joined:
    Jul 24, 2010
    Messages:
    21
    Likes Received:
    0
    Hi all,

    Thanks for the replies and suggestions. I had also looked at the NetGear Prosecure UTM25 or UTM50. They seems pretty feature rich with decent support such as lifetime part replacement.

    A funny thing happened to me. I contacted netgearstore.com to look into the netgear router and I talked to a gentleman about my SonicWall TZ210. He was curious about the issue and forwarded me to an ex-sonicwall engineer (Ed) who is currently employed at netgearstore.com. Ed said he currently owns the TZ210 and VOIP works for him.

    He mentioned to me that there is a "hidden" diagnostic page in the sonicwall routers. If you log into your router via your browser, the URL would be something like this, http://xxx.xxx.xxx.xxx/main.html. He told me to replace /main.html with /diag.html. It will bring you to a settings page with many different settings.

    He said sonicwall does not advertise this because end user can override security setting in this page possibly rendering the router useless from a security perspective.

    I explained my problem and he said the TZ210 is a great router and should work for me. He pointed me to a VOIP setting in that hidden page called something to the effect of, "transform SIP endpoint URI when no endpoint is specified", he said that this may solve my problem. I believe this setting seems to be that if the incoming packet does not have a destination port (or other endpoint info) specified, transform the packet. He told me to turn that off.

    I just wonder why sonicwall support never told me about this over countless hours with their level 2 support?

    I am going to try this setting and will update you on the result. I am very optimistic.
     
  6. mixig

    mixig Active Member

    Joined:
    Dec 13, 2011
    Messages:
    519
    Likes Received:
    11
    Did you try it?
     
  7. StefanW

    StefanW Head of Customer Support and Training
    Staff Member 3CX Support

    Joined:
    Jun 2, 2009
    Messages:
    1,199
    Likes Received:
    79
    Good working
    DrayTek Vigor (on vdsl enable nat keep alive, reboot firewall after nat once)
    Watchguard
    Linksys/Cisco Home Routers WRT
    TP Link (disable sip alg)
    MicroTik (disable sip alg)

    Medium working
    Zyxel (disable sip alg)
    Cisco ASA and PIX (fix up sip and rtp)

    Not working well
    SonicWall (no full cone nat support)
    Fortigate (uncontrollable SIP ALG Function)
    AVM FritzBox (no nat on 5060)
    ISA Server and following models (no full cone nat support)
    SpeedPort (no way)
    Thomson Routers (no way)
    BT Home HUB X (no way)

    I would offer to make a collection page on how to's for any working router model on 3cx.*
    As good working firewall I cluster firewalls which
    a) pass after NAT is set for 5060 and 9000-9049 on the 3cx firewall checker in GREEN
    b) an invite to an provider and received answer with "rport=5060" and "received=IP PBX"
    if the community drives this i am willingly to collect them and post them publicly.

    How big is the interest in it? then I will define a guide line for the how to doc which needs to be received in pdf form...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,371
    Likes Received:
    230
    I've had no problems with the Linksys WRT54 series running the DD-WRT firmware. Also the D-Link DIR-615 (inexpensive but adds "N") also loaded with the DD-WRT firmware which gives PPTP VPN access along with a few other features.

    Of course being "consumer" routers, they may not offer all of the feature that a business may be looking for. The WRT series is also getting a bit old now (that's why I moved on to the D-Link), and (as far as I know) only supports B & G.
     
Thread Status:
Not open for further replies.