Port Restricted Network

Discussion in '3CX Phone System - General' started by pstmg, Apr 7, 2016.

Thread Status:
Not open for further replies.
  1. pstmg

    Joined:
    Dec 9, 2012
    Messages:
    49
    Likes Received:
    0
    Hello all

    our company have experienced the following problem: we give tech assistance to a local hospital to their medical equipments and sometimes our tech staff have to go to sub-levels 3 or 4 (near morgue) where there is no GSM signal avaliable. The good news is there is a hospital wifi network avaliable, the problem is: we can't connect to our sip server nor establish voice calls between our staff down there, because the network has port restrictions. We can use the http protocol to browse sites and apps like whatsapp work fairly down there. So my question is: is it possible to route SIP/RTP traffic to another port allowed in this network, like 3CX softphone does when it uses the tunnel ???
    It's useless to ask the Hospital IT guys to open the network: Still waiting for a reply in months...

    Thanks
    Paul
     
  2. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,064
    Likes Received:
    58
    I think the answer is possibly, but it may depend on your system and what it does normally and the impact that a change may have to this while trying to meet your special circumstance. If using SIP for your normal service, the change to accommodate the hospital may not be supported by the SIP provider.

    Also, keep in mind the possibility that if ports are opened, that they may be forwarded to specific devices within the hospital using specific protocol types that might not meet the need, i.e.; a TCP connection when you need UDP.

    I take it that the tunnel does not get through?
     
  3. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,582
    Likes Received:
    248
    Are they using a proxy server or just blocking certain ports? If they are not using a server then by changing the ports you are using you may be able to get around it as is done in countries where VoIP is prohibited/blocked.
    How difficult it will be, depends too on whether they are deliberately blocking ports for security reasons, or, the ports you have tried are currently used for other equipment.
    As suggested, try using the tunnel. Although you will probably be limited to one phone using that , at a time.
     
  4. pstmg

    Joined:
    Dec 9, 2012
    Messages:
    49
    Likes Received:
    0
    hello all, thanks for your reply.

    I've tried to use 3CX Softphone with Tunnel and directly to PABX with no success. I guess they are blocking certain ports except port: 5223, 5228, 4244, 5242, 443, 80 and 5222. (whatsapp use this ports range)
    I've also tried to connect to the 3cx server using 3CX SBC trought VPN (PPTP) but it was useless. So I wonder if it is possible to use 3CX Tunnel in another port: instead of 5090 maybe 80 or 443 or even 5222 ??
     
  5. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,064
    Likes Received:
    58
    I believe changing the tunnel port is possible, but whether or not you can use one of the available ports that are open is something that you will have to test. I assume they opened the ports for various reasons and that some are dedicated to other applications and devices.

    Good luck.
     
  6. pstmg

    Joined:
    Dec 9, 2012
    Messages:
    49
    Likes Received:
    0
    Well I am pretty sure that they use some port range (maybe the same as whatsapp) to mantain comms with doctors, nurses, maintenance personnel and other staff: Almost all use cisco handheld IP phones so I guess ports have to be opened... I will try to put the 3CX server Tunnel in another port and see what comes from here..
    will let you know later....

    cheers
    Paul
     
  7. lneblett

    lneblett Well-Known Member

    Joined:
    Sep 7, 2010
    Messages:
    2,064
    Likes Received:
    58
    Without knowing the hospital as you, it may be that the doctor's and all using the wi-first for phones are not traversing the router to the WAN, but using local resources.
     
  8. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,582
    Likes Received:
    248
    If you do succeed in getting a registration by changing the tunnel port number, you will probably (I haven't tested this) be limited to using only one device. This would be that same as attempting to use two SIP devices, each using local port 5060, behind a remote router. All sorts of strange behaviour can result.
     
Thread Status:
Not open for further replies.