Solved Unable to pass firewall check v15 with SonicWALL

Discussion in '3CX Phone System - General' started by JerN, Mar 24, 2017.

Thread Status:
Not open for further replies.
  1. JerN

    Joined:
    Mar 24, 2017
    Messages:
    12
    Likes Received:
    0
    I'm currently testing the 3CX v15 PBX. I have it sitting behind a SonicWALL NSA2600 with Firmware 6.2.5.3-35n. I've followed the guide on how to setup SonicWALL to work with 3CX. The only addition I've made is a static route as I have 2 wan connections. I am unable to get the firewall check to pass. I'm hoping someone can provide some insight into what I may need to do. Here are screenshots of my setup:

    Service Objects:
    [​IMG]

    Service Groups:
    [​IMG]

    NAT Policies:
    [​IMG]
    Firewall Policy:
    [​IMG]

    Static Route:
    [​IMG]

    When I run the firewall checker the resolving stun works however everything else fails with an error of "unmatched mapping"

    I've run the packet capture on the SonicWALL and it is forwarding the packets to the 3CX PBX. I am able to send and receive calls however I'm concerned that this could create unforeseen issues in the future.

    Thanks for any help you can provide.
     
  2. Ian Carson

    Joined:
    Mar 23, 2017
    Messages:
    18
    Likes Received:
    2
    Have you disabled port remapping using the checkbox on the Advanced tab of you NAT policy (I think it's on the outbound one)
     
  3. Ian Carson

    Joined:
    Mar 23, 2017
    Messages:
    18
    Likes Received:
    2
    You might also like to consider letting the SW setup a reflexive NAT policy rather than setting up two separate ones manually
     
  4. JerN

    Joined:
    Mar 24, 2017
    Messages:
    12
    Likes Received:
    0
    Yes, the "disable port remapping" box is checked for both the outbound and loop back policies.
     
  5. Ian Carson

    Joined:
    Mar 23, 2017
    Messages:
    18
    Likes Received:
    2
    Okay. Is your PBX machine behind a Routing and Remote Access Server. That was my problem as I was unable to get the RRAS to stop remapping.
     
  6. JerN

    Joined:
    Mar 24, 2017
    Messages:
    12
    Likes Received:
    0
    I've finally got it working. I had to make a change in my firewall rule to change "destination" from "X2 Default Gateway" to "Any." Now everything tests OK.

    [​IMG]
     
  7. MRM

    MRM

    Joined:
    Dec 21, 2016
    Messages:
    53
    Likes Received:
    3
    Hi JerN,

    Thanks for the update and everything is working now.
     
  8. procomm365

    Joined:
    Apr 21, 2015
    Messages:
    1
    Likes Received:
    0
    Hi guys,

    I found on this posting, about SonicWall Firewall setting, https://www.3cx.com/blog/voip-howto/sonicwall-firewall-configuration/, that steps 4 is kind of misleading; I followed instructions on that post and Firewall Check has failed, then I had to adjust settings as following (on step 4):

    On NAT Policies, for 3CX Outbound Connections, Original Service should be "3CX Services", instead of Any.
    upload_2017-5-9_13-21-21.png

    Advanced TAB, “Disable Source Part Remap” must be ENABLED and not disabled as the original post says.
    upload_2017-5-9_13-23-22.png
     
Thread Status:
Not open for further replies.