Configuring a SonicWALL Firewall with 3CX
Introduction
This document describes the configuration of Dell Sonicwall devices based on an TZ100, TZ100W, TZ105, TZ105W, TZ200, TZ200W, TZ205, TZ205W, TZ210, TZ 210W, TZ215, TZ 215W, NSA 220, NSA 220W, NSA 240, NSA 2400, NSA 3500, NSA 4500, NSA 5000, NSA E5500, NSA E6500, NSA E7500, NSA E8500, NSA E8510 for the use with 3CX Phone System. This guide is written for Sonicwalls that are configured as Many-to-One NAT. Please note that we cannot assist you in the configuration of your firewall.
Requirements
DELL Sonicwall firewalls require HotFix firmware SonicOS 5.8.1.15o HotFix 152075 or later
Step 1: Create Service Objects
In order to configure the SonicWall you need to create the service objects for each Port or Port range that needs to be forwarded. Then place these service objects in a service group after which you have to apply the policies.
- Open the Web Management Console of the DELL SonicWall Firewall Gateway and go to Network → Services.
- In section “Services” add one service object for each port that 3CX requires forwarding for.
- In section “Service Groups” add a new service group named “3CX Services” and add all of the above Service Objects as members.
- Now go to Network → Address Object and locate section “Address Objects”.
- Here add a new Address Object and set:
- Name: 3CX PBX
- Zone Assignment: LAN
- Type: Host
- IP Address: The LAN IP address of your 3CX Server
Step 2: Create NAT Policy
- Go to “Network → NAT Policies” and press “Add”.
- Create your Inbound NAT policy by filling in the following fields:
- “General” tab
- Original Source: Any
- Translated Source: Original
- Original Destination: WAN Interface IP
- Translated Destination: 3CX PBX (this is the Address Object created in Step 1)
- Original Service: 3CX Services (this is the Service Group created in Step 1)
- Translated Service: Original
- Inbound Interface: Select the WAN interface your 3CX Will be using
- Outbound Interface: Any
- Comment: 3CX Inbound Connections
- Enable NAT Policy: Checked/Enabled
- Press “Add” again to create your Outbound NAT policy by filling in the following fields:
- “General” tab:
- Original Source: 3CX PBX (this is the Address Object created in Step 1)
- Translated Source: WAN Interface IP
- Original Destination: Any
- Translated Destination: Original
- Original Service: Any
- Translated Service: Original
- Inbound Interface: Any
- Outbound Interface: Select the WAN interface your 3CX Will be using
- Comment: 3CX Outbound Connections
- Enable NAT Policy: Checked/Enabled
- “Advanced” tab:
- Disable Source Port Remap: Checked/Enabled
- Once you have create the 2 required NAT Policies, they should look similar to the following:
Step 3: Creating Firewall Access Rules
- Go to “Firewall → Access Rules”, select the “WAN to LAN” option and press “Add”.
- Create a new Access Rule with the following fields:
- “General” tab:
- Action: Allow
- From Zone: WAN
- To Zone: LAN
- Service: 3CX Services (this is the Service Group created in Step 1)
- Source: Any
- Destination: Select the Address Object of the “WAN/Public IP” you have configured 3CX to use
- Users Allowed: All
- Schedule: Always on
- Comment: 3CX Inbound Access
- Allow Fragmented Packets: Checked/Enabled
Step 4: Disable SIP Transformations
- Go to ”VoIP → Settings”
- In the “SIP Settings” section disable option: Enable SIP Transformations
Step 5: Validating Your Setup
Log into your 3CX Management Console → Dashboard → Firewall and run the 3CX Firewall Checker. This will validate if your firewall is correctly configured for use with 3CX.
More information about the Firewall Checker can be found here.
Last Updated
This document was last updated on 13 July 2018
版权所有 三思客软件(深圳)有限公司