Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
lrossi89
Contributor

3cx behind Quantum Spark SMB (centrally managed)

Hi All,

I read several posts
I read several things

We have a cluster of 1600 firewall (R80.20.50) managed centrally (MGMT R81.10 Cloud)

We have:

  • Disabled Inspection on the protocol (5060-5061) by  Web page of Appliance
  • Disabled inspection on the protocol (5060-5061) of the object on the centralized console
  • With and without IPS
  • Create static rules for the incoming and outgoing for the NAT  (for 3cx server)

But the anomaly: the calls disconnect randomly 

Anyone have some suggestions?

 

The only one noticed is : that the source port of the Connection is changed from firewall chain, it is possible to disable this in the system?

Firewall Checker (tool on 3cx)

resolving 'stun-eu.3cx.com'... done
resolving 'stun2.3cx.com'... done
resolving 'stun3.3cx.com'... done
resolving 'sip-alg-detector.3cx.com'... done
testing 3CX PhoneSystem 01 SIP Server... failed (How to resolve?)
stopping service... done
detecting SIP ALG... not detected
testing port 5060... Mapping does not match 5060. Mapping is 10400. (How to resolve?)
starting service... done
testing 3CX PhoneSystem Media Server... failed (How to resolve?)
stopping service... done
testing port 5090... Mapping does not match 5090. Mapping is 10401. (How to resolve?)
testing ports [9000..9398]... failed (How to resolve?)
testing port 9000... Mapping does not match 9000. Mapping is 10402. (How to resolve?)
testing port 9002... Mapping does not match 9002. Mapping is 10403. (How to resolve?)
testing port 9004... Mapping does not match 9004. Mapping is 10404. (How to resolve?)
testing port 9006... Mapping does not match 9006. Mapping is 10405. (How to resolve?)
testing port 9008... Mapping does not match 9008. Mapping is 10406. (How to resolve?)

0 Kudos
3 Replies
AndrewChui
Employee Alumnus
Employee Alumnus

Have you done also port/access/rules for your RTP traffic 10400-10405 for your phones?

0 Kudos
lrossi89
Contributor

 

 

Yes, sure

FW RULE

in

CatturaIN-1.PNG

out 

CatturaIN-2.PNG

static NAT

in & out 

CatturaNAT-1.PNG

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Better contact TAC to get this resolved quickly !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events