Configuring Lancom with 3CX
On this topic:
This document describes the configuration of Lancom 1781A devices for use with 3CX. This manual is based on firmware LCOS 9.24 and should be compatible with any device running this firmware. Although settings can be done via Telnet or the web interface, it is recommended to follow the guide via the LanTools and LanMonitor.
Configuration of the firewall will never be carried out by 3CX at any point and must be done by the System-Administrator of the company. You must understand the risk of opening ports to the World Wide Web. Read https://www.3cx.com/blog/docs/securing-hints/ for more information. The provided guide is based on the best known way to configure Lancom devices. 3CX is not liable for any misguidance that may occur when going through this guide. This guide must be used as an example and not as a guideline, for step by step configuration, since the UI may vary (based on the model and firmware version) and/or the described steps might need to be adjusted to fit the existing Lancom configuration.
Step 1: Disable SIP ALG
Open the LanTools and navigate to “Konfiguration > SIP-ALG” and disable it.
Step 2: Port Forwarding (NAT)
To create inbound access list open “Konfiguration > IP-Router > Masquerading”
And create the entries. Under “Address” add the internal IP of your 3CX.
If you have installed 3CX on the default port 5001 or 443 alter the highlighted entry accordingly.
Step 3: Inbound Access List
Navigate to “Firewall > General” and ensure IPv4-Firewall is enabled
Click on “IPv4-Rules” and create a Station-Object 3CXSRV with the internal IP of 3CX.
Click on “Service-Object” and create a set of rules similar to Step 1 with the ports and transports as seen below. Update the 3CXMNG-Port according to your installation port.
Finally create Rules. Allow and tag the following rules for QOS:
Step 4: Outbound Access List
Since a Lancom router does not block any outgoing packets in the basic setting, no rules need to be set up. If there is a general rule for blocking or only certain packages should be allowed duplicate the inbound rule list for outbound.