3CX PBX in the Cloud
1 year FREE - no ties!
google cloud platform
3CX
Zero Admin
With the new Dashboard
3CX
Bulletproof Security
With SSL certs and NGINX
3CX
Install on $200 Appliance
Intel MiniPC architecture
3CX
New, Intuitive Windows Client
More themes, more UC
3CX
More CRM Integrations
Scripting Interface to add your own
3CX
Improved Integrated Web Conferencing
iOS and Android apps included
3CX
Run On-Premise or in the Cloud
Google, OVH, Windows & Linux
Fast & easy call management
With the 3CX Web Client

Guide on How to Configure pfSense Firewall for Use With the 3CX Phone System

Configuring a pfSense Firewall with 3CX

Introduction

Step 1: Configure Port Forwarding (NAT)

Step 2: Port Preservation

Step 3: Optional Settings

Step 4:  Validating Your Setup

Introduction

This document describes the configuration of pfsense for the use with 3CX Phone System. This manual is based on version 2.0.

Step 1: Configure Port Forwarding (NAT)

Open the web management console of the pfsense machine.

  1. Navigate to “Firewall → NAT”.
  2. Use the “+” symbol on the right to add a new rule.

  1. Create NAT rules for all required ports. The list of ports that needs forwarding can be found here:
  • Protocol: Set the protocol type depending on the port(s) you are forwarding
  • Destination port range: Select the Port/Port-Range for the NAT. If the Port is not predefined as shown for SIP enter the ports manually.
  • Redirect target IP: Enter the internal IP address of the 3CX Phone System
  • Redirect target port: Enter the internal port (which commonly is the same as the external port)
  • Description Label the rule for easier identification at a later stage
  • NAT reflection: Add associated filter rule
  • Save/Apply the config and repeat this steps for each NAT required.
  1. Repeat #3 for every port that needs forwarding.
  2. After adding all rules, they should look similar to the following:

Step 2: Port Preservation

  1. Navigate to “Firewall → NAT → Outbound”
  2. Set the type from automatic to manual and press “Save”
  3. A list of pre-set outbound rules will be created. Find the rule “Auto created rule for XXX to WAN”, where XXX is the Name for your Lan interface.
  4. Press the “+” to create a copy of it.

  1. In the rule define the:
  • LAN IP of 3CX (e.g. 192.168.3.155)
  • Translation to “Static port: ON”
  1. Move the rule to the first position inside your “outbound nat table” to ensure operation (shown in the first screenshot of this section”.

Step 3: Optional Settings

This option should not be set by default and only be changed if your remote phones or voip provider mostly work, but randomly disconnect then set the following option.

  1. Go to “System → Advanced”
  2. Set “Firewall Optimization Options” as “Conservative”.

Step 4:  Validating Your Setup

Log into your 3CX Management Console → Dashboard → Firewall and run the 3CX Firewall Checker. This will validate if your firewall is correctly configured for use with 3CX.
More information about the Firewall Checker can be found
here.

Get 3CX Free for 1 Year Today
Download On-Premise Try in the Cloud