We've got a 3CX Server hosted in the cloud. On our internal network we have a 3CX SBC setup on a Raspberry Pi and we are using the 3CX client on Windows laptops. We also have two older phones that cannot use the 3CX SBC, so they have to connect directly to the 3CX Server. Everything works perfectly, but now we are in the process of installing a Sophos UTM-9 Firewall. I've tried a few configurations, but no luck.
I've configured a Network Definition for our 3CX Cloud Server Public IP and hostname.
I've also configured Service Definitions in a group called 3CX_Group. TCP 5000, 5001, 5015, 5061. UDP & TCP 5060, 5090. UDP 9000 - 9500 and 48000 - 65535.
I then created a firewall rule to allow service 3CX Group from internal network to our 3CX Server.
If I look at the log files, it shows the rule being applied and access was given, but nothing works.
SBC log
3CX Windows client
3CX Server login
I see that the port being sent from the client side is totally different. Any advice would be appreciated, thanks.
When I say nothing works,
I cannot access the 3CX server web console.
The 3CX Windows clients cannot register.
The 3cx SBC and phones cannot connect.
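As an added example (not part of the original posts): a Python check of which flows the 3CX_Group service definitions listed above would cover, assuming the definitions match on protocol and destination port with any source port, and reading the 48000 - 65535 range as UDP. The server address, the flow lines and their layout are constructed placeholders, not Sophos UTM log output.

```python
from typing import NamedTuple

# (protocol, low port, high port) from the service definitions in the post.
# Assumption: the 48000-65535 range is UDP, like the 9000-9500 range before it.
SERVICES_3CX = [
    ("tcp", 5000, 5000), ("tcp", 5001, 5001), ("tcp", 5015, 5015),
    ("tcp", 5061, 5061), ("tcp", 5060, 5060), ("udp", 5060, 5060),
    ("tcp", 5090, 5090), ("udp", 5090, 5090),
    ("udp", 9000, 9500), ("udp", 48000, 65535),
]
PBX_IP = "203.0.113.10"  # placeholder address (TEST-NET-3), not the real server

class Flow(NamedTuple):
    proto: str
    src_port: int
    dst_ip: str
    dst_port: int

def parse(line: str) -> Flow:
    """Parse 'PROTO src_ip:src_port dst_ip:dst_port' (constructed layout)."""
    proto, src, dst = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return Flow(proto.lower(), int(src.rsplit(":", 1)[1]), dst_ip, int(dst_port))

def matches_group(flow: Flow, server_ip: str = PBX_IP) -> bool:
    """True if the flow targets the server on a protocol/destination port in the group.
    The source port is deliberately ignored: clients pick it dynamically."""
    if flow.dst_ip != server_ip:
        return False
    return any(flow.proto == p and lo <= flow.dst_port <= hi
               for p, lo, hi in SERVICES_3CX)

# Constructed sample flows, internal hosts to various destinations.
SAMPLE = """\
TCP 192.168.1.20:51514 203.0.113.10:5001
UDP 192.168.1.30:40212 203.0.113.10:5090
UDP 192.168.1.20:7000 203.0.113.10:9004
TCP 192.168.1.20:51520 203.0.113.10:443
UDP 192.168.1.20:7002 198.51.100.7:3478
"""

def audit(text: str):
    """Return (line, covered_by_rule) for every flow line."""
    return [(l, matches_group(parse(l))) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, ok in audit(SAMPLE):
        print("MATCH   " if ok else "NO MATCH", line)
```

Flows reported as NO MATCH either use a destination port outside the group or go to a host other than the server, so they need their own rule or fall through to the default drop.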
You have to allow the host stun.3cx.com or stun1.3cx.com (I don't remember exactly) to be reached, for "Nat Traversal". Google about it.
The problem that they don't register may be that the SIP lines are not configured for outside use. This is in the SIP server configuration.
I used 3CX server inside with internal and external phones about 4 years ago.
This could work. Put the Cloud IP in "Sip Server Networks" and it should be OK. In my case it was a different situation.
@oldeda Thank you for the information. I will have a look.
I don't recall adding this, but on Interfaces & Routing -> Interfaces -> Additional Addresses -> my 3CX server was added to the PPPOE connection. Once I removed it, I could access my 3CX Server in the cloud. My 3CX windows clients, SIP phone can register and connect.
I can make a phone call, but no audio. I assume this is to do with the NAT setup. I only configured Network Protection -> NAT -> Masquerading -> (Network: Internal network, Interface: PPPOE interface).
Should I remove Masquerading and setup NAT?
A rule "any, to any-service, 3CX server - allow" will be sufficient.