Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

Solved Juniper Firewall Config

Discussion in '3CX Phone System - General' started by Phil George, Jan 8, 2018.

Thread Status:
Not open for further replies.
  1. Phil George

    Joined:
    Jan 8, 2018
    Messages:
    16
    Likes Received:
    0
    Hi - We have enabled firewall rules for our 3CX server, however since doing this the clients won't work on smartphones when outside of the network. Can anyone advise what ports we need to have open to allow them to connect?
     
  2. Saqqara

    Saqqara Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    1,248
    Likes Received:
    202
  3. Phil George

    Joined:
    Jan 8, 2018
    Messages:
    16
    Likes Received:
    0
    Thanks, I hadn't found that first page before. Will try that now.

    It does fail yes, I haven't tried it since we made some further changes so will look to do that.
     
  4. Phil George

    Joined:
    Jan 8, 2018
    Messages:
    16
    Likes Received:
    0
    Just a further update on this, we added the ports but the smartphone client still isn't connecting. I presume it is to do with 5060, but if we open that we then see a lot of port scanning. Can anyone advise? Thanks
     
  5. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    220
    May be you can create a white access list with sites / providers which can access your PBX at port 5060. If you are not using such, you may disable port forwarding for port 5060.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,086
    Likes Received:
    64
    Its the nature of the game...unfortunately. As 5060 is a known standard port, it is one that is attacked frequently. If possible, set rules that only allow the items you want to be able to traverse....or.... you can use the 3CX client tunnel.
     
  7. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,301
    Likes Received:
    530
    3CX clients outside of the network should be configured to use the tunnel which is port 5090. If you are having issues with clients this is the first port to check.
     
  8. Phil George

    Joined:
    Jan 8, 2018
    Messages:
    16
    Likes Received:
    0
    Thanks Yiannish. So I have now got the firewall check from within 3CX working on everything apart from port 5060, which still fails. Port 5090 is already open to the internet on TCP and UDP and we still get the timeout error when trying to connect the client. What else can I try?
     
  9. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,301
    Likes Received:
    530
    Are you using a 3CX FQDN or your own? Does that resolve correctly to your public IP?
     
  10. Phil George

    Joined:
    Jan 8, 2018
    Messages:
    16
    Likes Received:
    0
    We are using the full 3CX FQDN, yes and it does resolve to our public IP if I ping from within our network. The thing is if we disable the firewall rule then it connects, so it must be a single port that is being blocked somewhere. It is just proving difficult trying to find that.
     
  11. Phil George

    Joined:
    Jan 8, 2018
    Messages:
    16
    Likes Received:
    0
    Have now resolved this. For anyone else suffering the same issue, port 5001 needs to be open to the internet not just 3CX IPs.
     
  12. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    7,301
    Likes Received:
    530
    Glad to hear the issue has been resolved and thank you for updating the thread with your solution
     
Thread Status:
Not open for further replies.