Securing 3cx....

Discussion in '3CX Phone System - General' started by excellence2, Sep 1, 2017.

Thread Status:
Not open for further replies.
  1. excellence2

    Joined:
    Oct 5, 2012
    Messages:
    1
    Likes Received:
    0
    Few questions.....

    1. Is there a way to configure 3cxPhone (softphone) and IOS App to use port 5090 (tunnel) only from outside of our network. I'm trying to restrict SIP access to just our VoIP provider. We can't do this with dynamic IP addresses so was hoping using the 3cx tunnel would get around this. I'm making the assumption (maybe wrongly) that I don't need any separate software on my laptop or iPhone to use the tunnel.

    2. I believe port 5001 needs to be accessible for provisioning but I would like to restrict access to the admin console to the LAN only. We are not using IIS just so you know.

    Any help/advice would be much appreciated.

    Andy
     
  2. sip.bg

    sip.bg Active Member

    Joined:
    Nov 7, 2016
    Messages:
    704
    Likes Received:
    219
    You can configure your router / firewall to achieve the settings you want.

    To allow SIP trunk provider access to PBX you may forward only ports 5060 TCP&UDP and 9000-9255 UDP from source address(es) of the provider only to internal address of the PBX

    To allow remote softphones to connect to PBX via 3CX tunnel you need to forward port 5090 (TCP&UDP) from any source addresses to internal address of the PBX. This will allow only calls to pass through the firewall. To use presence data, chat, conference calls, phonebook, profiles and other settings, you need to forward also ports 5000 and 5001 TCP from any source addresses to the internal address of the PBX.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    YiannisH_3CX likes this.
Thread Status:
Not open for further replies.