4716 Tenmile Desert Center, CA 92239
760-227-0534 info@techdatapros.com

Configuring your firewall for 3CX

Are you considering trying out 3CX, the software IP PBX platform for Windows, and need to know what ports you may need to open/forward in your firewall? This article will give you all the information you need to get 3CX running behind your firewall. If you are not going to have any external connections such as remote phones or SIP trunks, then you can ignore all of this since there will be no need to open your firewall if you don’t need outside connections. However, if you are going to use SIP trunks or have remote phones, then you will need to know which ports to forward to your PBX system.

Remote Phones and SIP Trunks

Remote phones and SIP trunks use two sets of ports. The first port is used by the SIP protocol to establish the phone call and set up the communication. The SIP communication uses UDP 5060.

Once the SIP protocol has established the call, the audio portion of the call can begin. The audio portion of the call uses RTP to send the voice packets back and forth. Each call will require two ports to be available. Usually its recommended to forward UDP ports 9000-9049 to the PBX.

3CX Tunneling

3CX has a tunneling protocol built-in for use with the 3CX Softphone or for bridging machines together. This tunnel requires that a single port be forwarded. You will need to forward port 5090 with both UDP and TCP to your PBX server in order for the tunnel services to work properly.

Testing your setup

If you would like 3CX to test your firewall configuration, go to the 3CX Services and stop the 3CX Phone System Service and the 3CX Tunnel Service.Next, go to Settings, and Firewall Checker and let the tests run. If everything goes right, you should get a page of messages telling you if things are working properly or not. When finished, start the services back up again.