Configuring a Kerio Control Appliance with 3CX
In this post we describe the configuration of a Kerio Control appliance for use with 3CX Phone System. This configuration is based on version 8.3.0 build 1988. However the Firewall features SIP and HTTP inspection where the functionality could not be determined. For SIP, the inspection is to be disabled, but the HTTP-Proxy/Content Filter rules may affect the connection to 3CX for updates and MyPhone connections (not part of this document).
Step 1: Configure Services
- Use a web browser to open the Kerio Control Web Admin portal and navigate to “Definitions” → “Services”.
- Click “Add” and then “Add Service” to create a new service. To determine which ports need to be opened, the full list can be found here. Specify the following information:
- “Name”: A short friendly name to easily recognise the rule
- “Description”: A description of the port you are forwarding
- “Protocol”: UDP and/or TCP - depending on the port you are creating the rule for
- “Protocol Inspector”: None
- “Source Port”:
- “Condition”: Any
- “Destination port”:
- “Condition”: “Equal to” or “In range” - depending on whether creating rule for single or range of ports
- “Port”: enter the port or range of ports you are forwarding
- In “Definitions → Services”, now press “Add” then “Add Service Group”.
- “Name”: 3CX Phone System
- Use “Add” to add all the services created in #2.
- Press “OK”, then “Apply” to save your configuration
Step 2: Configure Port Forwarding (NAT)
- From the Kerio Control Web Admin portal, go to “Traffic Rules”:
- Click the the “Add” button to create a new rule.
- Select the “Port mapping” option and enter:
- “Host”: Specify the LAN IP address of the 3CX Server (1).
- “Service”: Click “Select” (2) and select the “3CX Phone System” Service group you have created earlier. Click “OK” (3) to complete.
- Click “Next” to finish the setup.
- The rule created must be placed at an appropriate position, so that its not in conflict with any other rule.
Step 3: Validating Your Setup
Log into your 3CX Management Console, go to “Dashboard” → “Firewall” and run the 3CX Firewall Checker. This will validate if your firewall is correctly configured for use with 3CX.
More information about the Firewall Checker can be found here.