Guide on How to Configure a SonicWALL Firewall for Use With the 3CX Phone System
On this topic
This document describes the configuration of Dell Sonicwall devices based on an TZ100, TZ100W, TZ105, TZ105W, TZ200, TZ200W, TZ205, TZ205W, TZ210, TZ 210W, TZ215, TZ 215W, NSA 220, NSA 220W, NSA 240, NSA 2400, NSA 3500, NSA 4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500, NSA E8510 for the use with 3CX Phone System. Configuration of the firewall will never be carried out by the 3CX Staff at any point and must be made by the System Administrator of the company.
DELL Sonicwall firewalls require HotFix firmware or later
SonicOS 22.214.171.124o HotFix 152075
This guide is written for Sonicwalls that are configured as Many-to-One NAT, which is the most used configuration. If you have configured your firewall as One-to-One NAT its possible to use it with 3CX also but the configuration varies somewhat.
Configuring your SonicWall if using Many-to-One NAT
In order to configure the SonicWall you need to create the service objects for each Port or Port range that needs to be forwarded. To check the ports required, visit this link.
Then you place these service objects in a service group after which you have to apply the policies. To do this:
- Open the Web Management Console of the DELL SonicWall Firewall Gateway. Create Services objects for TCP/UDP ports for which 3CX needs Port Forwarding.
- Create the Service Group “3CX Services” and add all of the above Service Objects as members.
3. Create the Address Object ”3CX PBX” with the internal IP address, for example 192.168.3.155.
4. Now Create NAT Policies for 3CX inbound and outbound connections. If using an interface other than X1 as the WAN interface, then the Outbound Interface needs to be changed accordingly.
5. Edit the Advanced TAB and make sure that “Disable Source Part Remap” is disabled.
6. Add a NAT policy for inbound connections to the 3CX PBX. If using an interface other than X1 as the WAN interface, then the Inbound Interface needs to be changed accordingly.
7. Create the “Firewall → Access Rule” to allow WAN to LAN access to the 3CX PBX. If using an interface other than X1 as the WAN interface, the Destination needs to be changed accordingly.
8. Ensure that SIP Transformations (The Sonicwall term for SIP ALG) and Consistent NAT are disabled.
Run the 3CX Firewall Checker to validate the setup from the “3CX Management Console Dashboard → Firewall Check”. All tested ports must return a green “done” result.