Solved Firewall checker failures

Discussion in '3CX Phone System - General' started by ajohnson443, Aug 16, 2017.

Thread Status:
Not open for further replies.
  1. ajohnson443

    Joined:
    Mar 27, 2012
    Messages:
    30
    Likes Received:
    4
    Every time I run the FW checker it fail on multiple ports. And it is always different ports. I have all ports forwarded to the 3CX box (on a cisco router it is no fun forwarding that many ports lol). I am wondering if this is just random timing issues.. I have had no issues with call completions or anything so I am not sure it's even a problem. I just hate seeing the "firewall test FAILED" message on the dashboard :)

    It different ports every time..

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. eddv123

    eddv123 Well-Known Member

    Joined:
    Aug 15, 2017
    Messages:
    1,218
    Likes Received:
    174
    Hi ajohnson443,

    What version of 3CX are you running ? I am going to assume the latest 15.5 version as there have been new additional features added to the in-built firewall checker with the latest Service Pack.

    The fact you are seeing this on different ports each time is odd.

    That being said if it were me I would double check the 3CX/Cisco online guides (some are a little outdated so rectify for the correct ports required in v15) and ensure that you have Full Cone NAT enabled for the required ports in 3CX and that the SIP ALG has been disabled:

    https://www.3cx.com/blog/voip-howto/cisco-voip-configuration/
    https://www.3cx.com/docs/3cx-phone-system-v14-ports/
    http://www.think-like-a-computer.com/2011/09/16/types-of-nat/ (see full cone NAT)

    If using Windows I would also ensure that Windows Firewall is turned off on my server also (as you are behind a firewall and not public facing this should be fine) and test with the remote firewall checker also:https://www.3cx.com/blog/voip-howto/3cx-firewall-checker-client/

    Are there any other programs running on this server that are worth noting ? you should always try and keep the server dedicated to 3CX.

    Is there anything different about this network setup ? are there 2 gateways for example. It maybe worth checking your setup conforms to the supported network configurations required for 3CX also:
    https://www.3cx.com/blog/docs/network-configurations-supported-3cx-phone-system/
     
    YiannisH_3CX and ajohnson443 like this.
  3. ajohnson443

    Joined:
    Mar 27, 2012
    Messages:
    30
    Likes Received:
    4
    I actually am running a router behind a gateway. And I just figured out the problem.. On the gateway there is a flood setting.. to limit packets when a flood is detected. I set Flood limit UDP enable & Flood limit TCP enable to off just to test.. And I got green lights across the board.

    Makes sense why it was on different ports all the time. It just depended on the sensitivity of the flood detection trigger.

    Edit: I re-enabled the UDP/TCP flood detection with a higher threshold and it now passes firewall checker.

    Thanks for the response, there is a lot of good info there for sure.

    Tony
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    YiannisH_3CX and eddv123 like this.
Thread Status:
Not open for further replies.