Firewall Checker not reachable

[TLA]

Hello there,

I have one IPBX 3CX (Debian) on a VPS, that is working fine, we are currently using it.

I have setup an IPBX 3CX (Windows) in our local network to replace the one above, but I have some Firewall Checker issue here.

Here is my local network setup : Adsl(OVH) > Modem in Bridge Mode (TG788vn v2) > Firewall (FVS318v3) > Switch > 3CX-Server (Windows)



What's working :
Provisionning
Presence
Internal calls with audio

What's not working :
External calls with audio : the calls is receive but there is no audio on both sides
Firewall Checker failed (screenshot Firewall_Checker.PNG)



Firewall ports are open (screenshot Firewall.PNG), Windows ports are open. (and widely open... yes I'm in despair).
I can reach the port 5060 from the outside (screenshot Can You See Me.PNG)

I've tried many things without result for hours... I'll be glad if someone have an idea

 

[nb]

Nice description - well done!!

Can you see me result means nothing. You don't know what it is doing and
You need to dig in the firewall and make it work transparently.
Can you try and explicitly specify all the ports required for 3CX?
Try a test - open 5060 UDP and TCP and see if at least the sip test passes. (Sip test should go green when you run the test again). If it does, come back and I will guide you on the next steps.
Most firewalls will need to have the rule explicitly made not a catch all. A catch all might have some internal restrictions pre-set by the company or else check for a template which declares the internals of the rule.

Dig in the firewall config..

 

[TLA]

Hello,

Thank you for your reply!

Sorry, I come back without pass the sip test...

Yes, I had obviously setup up the firewall with the appropriates ports at the beginning (screenshots below). The result were the same in the Firewall Checker,I also just tried again. I changed the 5060 port, wondering if my ISP was blocking it, same result.

I searched for a firewall / firmware incompatibilities, but without results.

I have others service that goes through the firewall, but not related with the 3CX services. I disabled all of them, and just setup the 3CX rules for testing.

 

[nb]

Also change the subject of the post. Not firewall checker not reachable. You can reach the fw checker service. Your problem is that 5060 5090 and ALL THE MEDIA Ports are not reachable.

Send me pm and give me your public ip. I will see if your ports are open or not.

 

[TLA]

Hi,

Tried with a Mikrotik RB952. Same issues... but this was just impossible, so I reinstalled 3CX server, and... it worked (with the Mikrotik)....

 

[nb]

Then it means that you had something occupying some 3CX Port.
You fixed the problem blindly and it might happen again.
What other stuff do you have installed on this machine? Anything sip related?

 

[TLA]

Hi,

The machine is a fresh windows 10 pro with just the 3cx server.

I think the issue were caused by a second network card that I used for Wifi AP. I removed it, since the Microtik can manage that.

 

[nb]

Well having a second nic going out on the internet also is not going to make things simpler for you either.
Remember you can leave both configured, but if you had problems, it means that you left both interface with a default gateway. Only one interface should have a default gateway. the other should be blank. Otherwise you confuse windows completely.