This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

3CX external clients trying to connect 3CX hosted in Cloud


We've got a 3CX Server hosted in the cloud. On our internal network we have a 3CX SBC setup on a Raspberry Pi and we are using 3cx client on Windows laptops. We also have two older phones that cannot use the 3CX SBC, so they have to connect directly to the 3CX Server.
Everything works perfectly, but now we are in the process of installing a Sophos UTM-9 Firewall. I've tried a few configurations, but no luck.

I've configured a Network Definition for our 3CX Cloud Server Public IP and hostname.

I've also configured Service Definitions for in a group called 3CX_Group. TCP 5000, 5001, 5015, 5061. UDP & TCP 5060, 5090. UDP 9000 - 9500 and 48000 - 65535.

I then created a firewall rule to allow service 3CX Group from internal network to our 3CX Server.

If I look at the log files it shows the rule being applied and access was given, but nothing works.
SBC log

3CX Winows client

3CX Server login

I see that the port being sent from the client side is totally different. Any advice would be appreciated, thanks.

This thread was automatically locked due to age.
  • When I say nothing works,

    I cannot access the 3cx sever web console.

    The 3cx widows clients cannot register.

    The 3cx SBC and phones cannot connect.



  • You have to allow host to be reached or (i dont remember exactly), for "Nat Traversal". Google about it

    The problem they dont register maybe the sip lines are not configured for outside use. This is in sip server configuration

    I used 3cx server inside with inernal and external phones about 4 years ago


    This could be work. Put the Cloud IP in "Sip Server Networks" and should be ok
    In my case was a different situation

  • @ Thank you for the information. I will have a look.

  • I don't recall adding this, but on Interfaces & Routing -> Interfaces -> Additional Addresses -> my 3CX server was added to the PPPOE connection. [*-)] Once I removed it, I could access my 3CX Server in the cloud. My 3CX windows clients, SIP phone can register and connect.

    I can make a phone call, but no audio. I assume this is to do with the NAT setup. I only configured Network Protection -> NAT -> Masquerading -> (Network: Internal network, Interface: PPPOE interface).

    Should I remove Masquerading and setup NAT?

  • Fixed. All working now. Masquerading settings was correct. I had RTP service incorrectly configured on TCP and not UDP. I've also added my 3CX server to the exception list of Intrusion Prevention.
    So my problem was, I had no Masquerading and incorrect RTP service configured as TCP and not UDP.
  • A rule "any, to any-service, 3CX server -  allow" will be sufficent

    Good job