Configuring a Draytek 2820 Firewall with 3CX

Introduction

This document describes the configuration of a Draytek 2820 for use with 3CX Phone System. We will look into the NAT configuration necessary for 3CX Phone System and the QoS configuration to prioritize SIP and RTP traffic. This guide is based on firmware version 3.3.3, dated 23 October 2009.

Note: We cannot assist you in the configuration of your firewall.

Step 1: Disable SIP ALG

You first need to disable SIP ALG on your Draytek Router by following the steps outlined below:

  1. Open a Command Prompt and telnet to the Draytek router by typing the following command:

     telnet IP-Vigor_Router

  2. Enter the following two commands to disable the SIP ALG Handler on the device:

     sys sip_alg 0
     sys commit

  3. If you are using model Vigor2750 or Vigor2130, instead use the following commands:

     kmodule_ctl nf_nat_sip disable
     kmodule_ctl nf_conntrack_sip disable
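
One way to confirm that the SIP ALG is no longer rewriting traffic after these commands, as an added example that is not part of the original guide: a SIP ALG rewrites addresses inside SIP headers and SDP, so the same message captured on the LAN side and on the WAN side should carry an identical payload once the ALG is off. The function names and sample messages are constructed for illustration, and the check assumes you have both captures as text.

```python
# Added example: sample SIP messages below are constructed, not real captures.
WATCHED_HEADERS = ("via", "contact")   # headers an ALG commonly rewrites
WATCHED_SDP = ("c=", "o=", "m=")       # SDP lines carrying address/port

def parse_sip(raw):
    """Return (headers, sdp_lines); header names are lower-cased."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers, [ln.strip() for ln in body.split("\n") if ln.strip()]

def alg_rewrites(lan_raw, wan_raw):
    """List (field, lan_value, wan_value) for every watched field changed in transit."""
    lan_h, lan_sdp = parse_sip(lan_raw)
    wan_h, wan_sdp = parse_sip(wan_raw)
    if lan_h.get("call-id") != wan_h.get("call-id"):
        raise ValueError("captures are not the same SIP message (Call-ID differs)")
    changes = [(n, lan_h.get(n), wan_h.get(n))
               for n in WATCHED_HEADERS if lan_h.get(n) != wan_h.get(n)]
    for prefix in WATCHED_SDP:
        a = [ln for ln in lan_sdp if ln.startswith(prefix)]
        b = [ln for ln in wan_sdp if ln.startswith(prefix)]
        if a != b:
            changes.append((prefix, a, b))
    return changes

# Constructed capture of an INVITE as the PBX (192.168.1.200) sent it on the LAN.
LAN_INVITE = (
    "INVITE sip:100@sip.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.200:5060;branch=z9hG4bKconstructed\r\n"
    "Contact: <sip:100@192.168.1.200:5060>\r\n"
    "Call-ID: constructed-call-1@pbx.example\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.200\r\n"
    "c=IN IP4 192.168.1.200\r\n"
    "m=audio 9000 RTP/AVP 0\r\n"
)
# Same message as seen on the WAN side if an ALG swapped in 203.0.113.10 (RFC 5737).
WAN_INVITE_ALG_ON = LAN_INVITE.replace("192.168.1.200", "203.0.113.10")

if __name__ == "__main__":
    for field, before, after in alg_rewrites(LAN_INVITE, WAN_INVITE_ALG_ON):
        print(f"rewritten {field}: {before} -> {after}")
    print("unchanged copy:", alg_rewrites(LAN_INVITE, LAN_INVITE) or "no rewrites")
```

An empty result for a real pair of captures means the watched fields passed through the router untouched; any entry in the list names a field that something in the path is still rewriting.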

Step 2: Configure Port Forwarding (NAT)

  1. Browse to the Router’s Web Interface (default IP address is 192.168.1.1).
  2. Go to the “NAT > Open Ports” menu item.
  3. Go to the first free position in the “Open Port” menu, and configure as follows:
  • Ensure the “Enable Open Ports” checkbox is enabled
  • Set the “Comment” field value to “3CX”
  • Set the “WAN Interface” field to “WAN1”
  • Set the “Local Computer” field to the assigned IP address of the 3CX machine (in this example 192.168.1.200)
  • Each line is used to open a single port or port range and set the protocol. Open all ports required by 3CX. For an up-to-date list of the ports required to be open, check here.
  4. Click on the “OK” button at the bottom of the page. This will send you back to the “Open Ports” summary page.

The “Open Ports” summary page.

Step 3: QoS Configuration - Bandwidth Management

  1. Browse to the Router’s Web Interface (the device’s default IP address is 192.168.1.1).
  2. Go to the “Bandwidth Management > Quality of Service” menu item.
  3. Click the “Edit” link in the “Service Type” column.

Edit "Quality of Service" screen.

  4. For each port and port range your 3CX installation uses, fill in the following fields. Add:
  • Service Name: use a suitable name to denote what this port is used for.
  • Service Type: TCP and/or UDP depending on the port you are opening.
  • Type: Single or Range
  • Port Number: the service port number or range to add
  5. Repeat step 4 for all ports used by your 3CX installation.

Note: An updated list of the default ports used by 3CX can be found here.

Step 4: Creating a Class Rule

  1. Click on the “Edit” link in the “Class 1” row in the “Rule” column
  2. Set the “Name” field to “3CX VoIP”
  3. Click on the “Add” button
  4. Set the:
  • “ACT” field to enabled
  • “Local Address” field to the IP address of the PBX machine (in this example 192.168.1.200)
  • Ensure the “Remote Address” field is set to “Any”
  • Ensure the “DiffServ CodePoint” field is set to “Any”
  • In “Service Type” add one of the service types you created in Step 3.
  5. Click the “OK” button
  6. Repeat steps 1-5 for all services created in Step 3.

"Quality of Service" rules summary page.

  7. When finished, click on the “OK” button to save the Class Rule.

Step 5: Assign a Priority Level

Now we need to instruct the router to assign a priority level to traffic of class “3CX VoIP”.

  1. In “Bandwidth Management” > “Quality of Service” click on the “Setup” link on the “WAN1” row.
  2. Check the “Enable the QoS Control” checkbox, and set the traffic direction to “BOTH”
  3. Set the “Reserved_bandwidth Ratio” field for traffic of class “3CX VoIP” to 70%
  4. Set the “Reserved_bandwidth Ratio” field for traffic of Class 2 and Class 3 to 10%
  5. Click on the “OK” button to complete the configuration

Note: The “Reserved_bandwidth Ratio” percentage does not reserve bandwidth at all times, but only when other traffic types are competing with the “3CX VoIP” class traffic for bandwidth.

Step 6: Validating Your Setup

Log into your 3CX Management Console → Dashboard → Firewall and run the 3CX Firewall Checker. This will validate whether your firewall is correctly configured for use with 3CX. More information about the Firewall Checker can be found here.

Users of Draytek VoIP Models

If you have a Draytek VoIP model you also need to perform the following steps in addition to the steps described above to enable it to work with 3CX Phone System:

  1. Log in to your Draytek Router’s Web Interface
  2. Select VoIP and then click on SIP Accounts in the Draytek Management Console
  3. Change the SIP port in VoIP to something other than 5060

Note: All SIP account ports should be changed.

  4. Press OK to save your changes.

When you finish modifying all your accounts, restart your Draytek Router.
