
Firewall rules for SBC?

Discussion in '3CX Phone System - General' started by adminbod, Oct 26, 2016.

Thread Status:
Not open for further replies.
  1. adminbod

    Hi -

    We're running an SBC at each of our two sites to support users' Snom D715 handsets.

    3CX V15 SP2 is running on a cloud VM at Rackspace.

    We're using SonicWall firewalls at both sites.

    Since updating the firmware on the SonicWalls from 5.8 to 5.9, the Snoms will randomly un-register themselves and then re-register 5 mins later. No pattern, they don't do it all at the same time - happens maybe 3/4 times in a 24hr period, day or night.

    I've never had any firewall rules set up to 'help' the traffic between the SBC and 3CX - it's always just worked out of the box.

    We have users on the 3CX Windows softphone, Android and iOS clients and they don't seem affected at all.

    I can't find anything in the SonicWall logs, but I'm suspicious of the timing with the firmware update.

    Does anyone else out there run SBCs behind SonicWalls? And if so, do you have any firewall rules set up for them?

    cheers...
     
  2. Anonymous

    Anonymous Guest

    We have a site where we have a couple of SBCs with a couple dozen Yealink phones behind the SonicWall. It has been a major PITA. We're currently on ver 14 SP2 and have tried Windows SBC, rasppi ver2 SBC and have regular issues with one-way audio and SBC stalling and not restarting.

    We've just added two rasppi 3 model B, which are supposed to be far more powerful, in hopes of curbing the issues. Other contributors can be a significant number of BLFs programmed on the phones.

    We're still very suspicious of the SonicWall as this is the only site with a SonicWall and with these types of problems. We recommend exclusively pfSense these days.

    In terms of ports, the SBC should only require 5090 UDP (by default, unless you've changed it) on the 3CX server and is typically a random port on the SBC side. All other ports are wrapped within the SBC tunnel traffic.
     
  3. adminbod

    thanks helia...

    To be fair, we've been running SonicWalls for years - and for the last 2/3 years all of them on firmware 5.8 without a peep of trouble.

    The 5.9 firmware was forced on us last week by Dell as their servers stopped units running 5.8 from picking up new security signatures.

    We're committed to the SonicWalls we have for at least another 18 months, as we have maintenance contracts in place - we'll review our options then.

    In the meantime I'll try looking at some Wireshark logs to see if I can spot anything.
     
  4. ian.watts

    ian.watts Active Member

    It's exactly SonicWall as to why I started multi-homing the PBX units on-prem. The hours of doing this and then that.. with inconsistent results.

    The SBC listens on UDP 5060 (SIP) on the LAN.. it doesn't need or even listen on 5090 at all. It connects to the PBX on TCP 5090 to establish and maintain the tunnel. It should be maintained at the SonicWall like any other connection.

    Since migrating on-prem to VPS and dropping in an SBC in our office, it has been mostly fine.
    Now.. if those Cisco BLFs would stay green!..
     