• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

SBC Required Ports

Status
Not open for further replies.

knollwood

Free User
Joined
Mar 21, 2017
Messages
17
Reaction score
3
Just put the SBC on a Windows machine. The installer created Windows firewall rules to open port 5060.

I can get the SBC to communicate with the cloud server, but only when I turn off Windows Firewall completely. With it on, phones connecting through the SBC won't connect to the cloud server.

I ran logging on the Windows Firewall. When it's turned on, it's blocking port 5353 that seems to be part of the SBC functionality. The installation docs say only 5060 needs to be opened.

Amy I missing something? What is port 5353 and why is it affecting me?

Thanks!
 
i would not recommend using a windows SBC if these phones are used for a business, they crash - constantly. The windows service is a joke. We've used it, in quantity, on windows 7, 8, 10 boxes, server os 03, 08, 12, and 16. If you have a relationship with your customer it will quickly degrade it when their phones just suddenly stop working several times per month.

Try it on a raspberry pi, we just recently switched to those and are having better luck , but not much data behind it yet. If those dont work reliably we will unfortunately be switching from 3cx. We have exhausted every other solution, including support.

We do about 1 or 2 systems per day, so we have medium volume.

To address your question, make sure 5060, 5353, and 5090 are open.

Ensure your tunnel password is set correctly on the PBX and the SBC also. The SBC does have some logs look for them in the in installation directory, sometimes they are helpful in pointing to the issue of why it wont hit the PBX.
 
The PI SBC's can be rock solid, but there area few things that really matter: Make certain to complete the /etc/3cxsbc.conf file. The LocalSipAddr and LocalSipPort parameters are commented out as if they don't matter. They do. Uncomment the lines and put in the correct values.

A quick check to see if its working is to do netstat | grep 5090 which will show you if it's connected. Its tempting to turn on the SBC log, but the disk space will fill up on you and the SBC will mysteriously fail in a week or so.

No changes in the firewall are necessary so long as you allow all outgoing traffic. I certainly would not allow 5060 inbound, unless you want to be best friends with Sip Vicious.
 
Last edited:
i would not recommend using a windows SBC if these phones are used for a business, they crash - constantly. The windows service is a joke. We've used it, in quantity, on windows 7, 8, 10 boxes, server os 03, 08, 12, and 16. If you have a relationship with your customer it will quickly degrade it when their phones just suddenly stop working several times per month.

Try it on a raspberry pi, we just recently switched to those and are having better luck , but not much data behind it yet. If those dont work reliably we will unfortunately be switching from 3cx. We have exhausted every other solution, including support.

We do about 1 or 2 systems per day, so we have medium volume.

To address your question, make sure 5060, 5353, and 5090 are open.

Ensure your tunnel password is set correctly on the PBX and the SBC also. The SBC does have some logs look for them in the in installation directory, sometimes they are helpful in pointing to the issue of why it wont hit the PBX.


Can you tell me the support ticket IDs you have with us to follow up with them? The Windows SBC service is stable and if this is not the case in your installes we like to follow up. PIs are the most limited devices and the biggest issue is the LAN interface is connected via USB...
 
Stefan i can PM those to you. We have just shy of 50 windows SBC's in the field. Everyday we can expect atleast 1 of them to be offline due to the service randomly shutting off. Most of these are dedicated computers just for the SBC. Some are shared servers, but only very few.

What do you mean by pi's are the most limited? Can you elaborate on the biggest issue is the LAN is connected via USB? this doesnt make sense, what problems does this cause that you see with the PI?
 
Stefan might be confused about the PI. I'm talking about the Raspberry PI 3 with the V15 SBC service. The PI used to have a limit because the SBC service was single threaded, but now that it supports multi-threading - the PI can handle upwards of 20 extensions. Note that it is the BLF signalling that puts the load on the SBC. Older models had an internal USB network port but the PI 3 has a standard 1GB NIC. We have more than 80 of them in the field and have not had to reset or otherwise maintain any of them except when the local site has power or severe network issues.

At some time Sip Vicious like entities can invade the network resulting in a crash of the tunnel. That's the been the main cause of instability and we have been able to mitigate thru the use of dedicated VLANS and tight firewalls.
 
That is really, really, good to hear the stability you are seeing with a data set of 80. Thanks for shaing that. May i ask, are the SIP attacks effecting the sbc's that are using encrypted connections? (I think like step 3 or 4 in the sbc installation it asks "encryption" or "no encryption")?
 
The SIP attacks have been from infected "nodes" inside the network that look for open 5060 (the SBC) and then try 101 ways to connect. So the encryption has no impact. Also, on the PI, I'd suggest you become comfortable with the 'nano" editor and directly edit the /etc/3cxsbc.conf file. Over time, you'll want to be able to adjust things and its easier to spot typo's when you're used to the conf file contents.
 
  • Like
Reactions: OCWI
Excellent advice, i really appreciate the replies Kirk!

I will certainly do everything you are mentioning here!
 
  • Like
Reactions: DSXDATA
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Members Online Now

Forum statistics

Threads
141,621
Messages
748,857
Members
144,735
Latest member
Hammad.k
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.