Firewall test failed. Need help.

Discussion in 'Windows' started by Heidi323, Sep 2, 2016.

Thread Status:
Not open for further replies.
  1. Heidi323

    Joined:
    Sep 2, 2016
    Messages:
    2
    Likes Received:
    0
    I have just installed 3CX phone system and the firewall tests have failed. Please tell me what I am doing wrong. I have opened both incoming and outgoing ports for TCP and UDP given the document http://www.3cx.com/docs/3cx-phone-system-v14-ports/

    The screen shot for the failed tests are here https://postimg.org/image/9f0srf74b/.

    As you can see the "Full Cone Test Failed". I have added the ports in the Firewall. A screenshot is given here https://postimg.org/image/9f0srf74b/

    Please tell me what I am doing wrong. Any help would be appreciated.
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,586
    Likes Received:
    252
    You have posted in the "3CXPhone for Windows" forum when you should have posted in the "3CX Phone System- General" forum.
    Nevertheless, a good place to start is by listing the make and model of the router you are using, along with any Firewall you may have installed.
     
  3. Heidi323

    Joined:
    Sep 2, 2016
    Messages:
    2
    Likes Received:
    0
    Okay my situation is as follows-:

    My ISP gives out a private static IP for very customer which is then NATed to an external public address. And I have no router. The firewall that I am using is the Windows Firewall, and I have opened all the ports needed for incoming and outgoing connections of the 3CX phone system.

    Please let me know if further clarifications are required.
     
  4. ian.watts

    ian.watts Active Member

    Joined:
    Apr 8, 2011
    Messages:
    532
    Likes Received:
    0
    That configuration will not work. You need a WAN address, no NAT.

    NAT needs to be configured between 3CX and the WAN itself. Because your ISP does NAT, they would need to configure the forwarding rules in order for this to work. Good luck with that.
     
  5. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,586
    Likes Received:
    252
    A few years ago, I helped set-up a friends internet install with Craig Wireless Internet in southern California. They have since shut down service.

    At first they provided a private IP. I managed to persuade then to provide a Pubic IP as the private IP was not compatible with some of the services that were going to be used, they needed certain ports going to certain devices, in the same way 3CX does.

    You might try asking them if they can do the same for you, perhaps suggesting that you will move to a different provider if they can't.. If you don't ask, the answer is automatically "no"
     
  6. rguyler

    Joined:
    Sep 8, 2016
    Messages:
    1
    Likes Received:
    0
    I disagree with this statement as this setup is no different than having a local firewall that is performing NAT. The NAT process itself does not change any of the Layer 4 header information so if the ISP is forwarding all ports back to the private address then a local port mapping should still work. I lean towards misconfigured rules in the Windows firewall (I would disable it for testing) or the ISP is sharing the public address and not passing all ports back to the private IP address.

    That said, if the latter is true then Ieejor's solution would be the best course of action to pursue.
     
  7. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,586
    Likes Received:
    252
    I suspect that this is the case. The ISP saves money in not requiring as many pubic IP's, which is probably sufficient for those with "simple" internet requirements.
     
Thread Status:
Not open for further replies.