Firewall Test Fails - unmatched mapping (4029) (On 5060)

Discussion in '3CX Phone System - General' started by kustek, Jul 25, 2016.

Thread Status:
Not open for further replies.
  1. kustek

    Joined:
    Feb 3, 2011
    Messages:
    4
    Likes Received:
    0
    Struggling with a Version 15 system, just deployed 3 weeks ago. Has intermittent issue with failing inbound calls. When in bound calls are failing then the firewall test also fails and we get a " unmatched mapping (4029)" failure message on port 5060.

    We have even completely replaced the firewall and now removed it altogether and still have this issue. If we un-install version 15 and then re-install and restore from backup then it will work for about 2-3 days and then fail again.

    Anyone seen this??
     
  2. pj3cx

    pj3cx Active Member

    Joined:
    Aug 1, 2013
    Messages:
    645
    Likes Received:
    1
    Hi there,
    In case of mapping errors, please review your firewall/router configuration to ensure that the NAT is correctly setup for one-to-one NAT / full cone NAT. For more information on this matter please see link: http://www.3cx.com/blog/docs/firewall-voip-rules-check/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. PhatPanda

    Joined:
    Aug 26, 2015
    Messages:
    56
    Likes Received:
    3
    I'm curious what you would see when inbound calls would fail, we experience a very intermittent problem where inbound calls will ring on 3cx, but not connect, and the caller does not hear the ringing. Multiple instances of the call are created, and kind of start/stop, and you can never pick up the call. Issue resolves itself after 10-20 minutes. I was assuming it was our firewall, but I have to catch it the act for the firewall support to help out, which is difficult.
     
  4. benratty

    Joined:
    May 23, 2011
    Messages:
    72
    Likes Received:
    0
    I had some issues with this as well, we just went with recommended model and setup instructions on 3CX website for Draytek Vigor 2800 series firewalls/routers and all firewall tests run perfect now.
     
  5. sjp_crs

    Joined:
    Sep 19, 2016
    Messages:
    34
    Likes Received:
    0
    We had this on our Sonicwalls. The latest Firmware upgrade on the firewall fixed it.

    Not sure what your setup is, but look for 'Source Port Remap' or a similar option in your NAT/Port Forward rules and disable it.
     
  6. cactus

    Joined:
    Oct 17, 2014
    Messages:
    7
    Likes Received:
    0
    Thanks for the clue.

    It is the port range to expand to cover port 9000 to 9255:

    [​IMG]

    /gustav
     

    Attached Files:

    #6 cactus, Oct 6, 2016
    Last edited by a moderator: Feb 20, 2017
  7. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,128
    Likes Received:
    152
    open 9000 - 9500 UDP
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. 3cxBora

    Joined:
    Jun 17, 2015
    Messages:
    35
    Likes Received:
    0
    HI, I opened all the port listed for Draytek 2925, but I am still getting firewall checker failing on 3cx Media Server.

    Any ideas why and how to fix it.
     

    Attached Files:

  9. aberry

    aberry New Member

    Joined:
    Jan 13, 2015
    Messages:
    118
    Likes Received:
    7
    Make sure NAT is set to 1 to 1, so that ports are not remapped. Sometimes you have a SIP helper, or SIP ALG function built into the firewall that tries to help when it sees SIP traffic. Make sure to turn those features off if they are included in your firewall.
     
  10. aberry

    aberry New Member

    Joined:
    Jan 13, 2015
    Messages:
    118
    Likes Received:
    7
    I guess you may not have many options from the screenshots of that firewall. In a situation like that I would probably just setup 3CX outside of the frewall, or DMZ it so that you don't have to fight with the firewall settings. Close ports on the 3CX box itself that aren't needed.
     
  11. damirmih

    Joined:
    Nov 22, 2016
    Messages:
    11
    Likes Received:
    0
  12. ALuisPV

    Joined:
    Mar 7, 2016
    Messages:
    28
    Likes Received:
    1
    Hi ,

    in first instance, you would check the network configuration of the Operating System: How many NICs and IPs do you have?. If you have more than 1 NIC and / or IP, you should check that the Routing configuration is correct in you Operating System.

    In second instance, you would check that there is not any kind of antivirus (with integrated firewall features) is causing the conflict.

    And finally, check you Router / Firewall (Full Cone NAT, disable SIP ALG, etc.)

    In any case, a SIP trace taken from the machine with 3CX may be helpful to determine where can be the issue.

    Best Regards.
     
  13. mainc

    Joined:
    Jul 27, 2011
    Messages:
    3
    Likes Received:
    0
    Having the same issue as Damirmih... Very frustrated that this still happens with ALL firewalls turned off completely. Does anyone have a fix for this??? Starting to consider switching to a different PBX at this point, this is ridiculous.
     
  14. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    6,016
    Likes Received:
    421
  15. mainc

    Joined:
    Jul 27, 2011
    Messages:
    3
    Likes Received:
    0
    Still unresolved... I have ALL UTM/Router firewall ports COMPLETELY OPEN and every time we reboot the server, the firewall fails and sip services fail to start until we login and start them manually. Very disappointed with 3CX for the lack of support and care/respect for their users. Will be looking online for an older version of Elastix, which actually worked (what a concept) soon if 3CX does not contact me personally with any useful help. This bug is ridiculous, why hasn't it been fixed yet? 3CX, you have people here looking into paying for your product. Don't turn them away!
     
Thread Status:
Not open for further replies.