• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Firewall Lock Down and Port Forwarding

Status
Not open for further replies.

danjhayman

Joined
Sep 28, 2016
Messages
1
Reaction score
0
Hello,

We have our 3CX server hosted on an Amazon instance. We have recently received several emails from 3CX about IP making too many login attempts so we've decided to lock down the firewall to our single office IP.

I have found the below list of ports to open but the firewall checker still fails. Are there any additional ports to open? Does any one have any experience locking down the firewall to a 3CX server?


TCP 5000 or 80 v14: This port can be configured when Webserver is Abyss. On IIS it is fixed to 80
TCP 5001 or 443 v14: This port can be configured when Webserver is Abyss. On IIS it is fixed to 443

UDP & TCP 5060 3CX Phone System (SIP)
TCP 5061 3CX Phone System (SecureSIP) TLS
UDP & TCP 5090 3CX Tunnel Protocol Service Listener
UDP 9000-9255 (default) 3CX Media Server (RTP) – WAN audio/video/t38 streams
UDP 9256-9500 (default) External media transmission for 3CX WebRTC
 
The resulting messages, from the Firewall Test, will tell you which ports it finds are not open, or are incorrectly configured. If you are using any remote extensions, that can originate from different IPs, they you may find it hard to completely block attempted hack registrations. You would have to have the firewall "whitelist" a limited number of IPs to the complete exclusion of all others.

The black list rules can be tweaked to provide a decent "barrier" against hacks. Increasing the blacklist time drastically is a good start.
 
Status
Not open for further replies.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.