Zyxel P660H-D1 and Firewall Checker

Discussion in '3CX Phone System - General' started by RockITS, Jun 23, 2014.

Thread Status:
Not open for further replies.
  1. RockITS

    Joined:
    Jun 23, 2014
    Messages:
    3
    Likes Received:
    0
    HI,
    I have got a Zyxel P660H-D1 installed with NAT rules set up to forward ports 9000-9049 to the IP address of the 3CX. I have also set up the same rules on the firewall. Yet when I run the firewall checker, it fails on ports 9015-9049. The client is getting audio issues and some calls drop after 30 seconds.
    I have disabled SIP ALG on the router via telnet.
    My ISP has told me that SIP ALG must be enabled which goes against almost all other advice and goes against 3CX best practice.
    Any advice as to why the F/W checker fails only on this aspect? All other tests pass including ports 9000-9014. I have attached the NAT and FW rules (F/W rules are all bundled into the first rule but added as separate rules to show what rules are in place.)
    Thanks
     

    Attached Files:

    • nat.PNG
      nat.PNG
      File size:
      20.1 KB
      Views:
      663
    • FW.PNG
      FW.PNG
      File size:
      28.1 KB
      Views:
      663
  2. MariosS_3CX

    Joined:
    May 26, 2014
    Messages:
    12
    Likes Received:
    0
    Hey there,

    Please ensure that the Zyxel device has been configure as per the guide available here http://www.3cx.com/blog/docs/zyxel-router-3cx/
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. RockITS

    Joined:
    Jun 23, 2014
    Messages:
    3
    Likes Received:
    0
    Thanks for the reply. I did read this article and although the router is a different model the GUI is the same. The only difference is that I did not apply each rule separately, I created one rule and added all the services/ports to it.
    I will create each rule individually, (they are already there, I just need to remove the first one and enable the rest) and see if that helps. Will update later on.
     
  4. RockITS

    Joined:
    Jun 23, 2014
    Messages:
    3
    Likes Received:
    0
    Router is set up exactly as the document instructed. But I am still dropping inbound calls after 30 seconds. Firewall checker fails on ports 9017-9023 and 9048/9 it passes all other tests but inbound calls are dropping.
    Rebooted the 3CX server and calls are ok now, but they will start dropping again as this has happened previously. Until the FW checker has passed all the checks I cant get any further with support as they stipulate this as the reason.
    Any advice as to why just these ports fail? server f/w is off

    Thanks
     
  5. complex1

    complex1 Active Member

    Joined:
    Jan 25, 2010
    Messages:
    752
    Likes Received:
    38
    Hi,

    9 out of 10 when an incoming call drop, it is a firewall issue.
    Internal router/firewall timers closes for security reasons after time ports who are opened. So something has to keep open these ports before the router closes them.
    What you can try is in 3CX server to switch on the “Enable Keep Alives” option. This can be found at Settings >> General >> Global Options.
    Maybe you have to adjust the Interval timer too.

    To run the firewall checker without issues lower the range of the 9000 ports to 9000-9007 for 4SC calls. Also change this range in your router.
    Ports can be found in Settings >> Network >> Ports

    Hope it helps.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.