Table of Contents
If you wish to use a VoIP provider remotely, all you have to do is make changes to your internet firewall. This guide explains how you can open ports on your routers at home and set up your firewall for 3CX.
Just before you begin with the process of port forwarding, make sure you have the following things:
Now that you have the above details noted down, you can move to the next stage of 3CX port forwarding:
To play 3CX online and create a server without any interruptions, you’ll have to allow access to certain ports on your firewall. The default 3CX ports are:
| Service | Ports | Description |
| Remote 3CX Apps & SBC | TCP: 5090, 5091 TCP: 443 (WebMeeting) TCP: 5000-5100 (Media) | Communication between 3CX clients and Session Border Controller (SBC) WebMeeting feature for remote collaboration Media transmission for voice and video calls |
| 3CX Video Conference | TCP: 5090, 5091 TCP: 443 (WebMeeting) TCP: 5000-5100 (Media) | Communication for video conferencing sessions WebMeeting feature for video conferencing Media transmission for video conference streams |
| Other Services (SMTP & Activation) | TCP: 25, 587 (SMTP) TCP: 9000 (Activation) | Simple Mail Transfer Protocol (SMTP) for email servicesActivation service for licensing and registration |
| SIP Trunk / VoIP Provider | Varies (Check with provider) | Ports specified by the SIP Trunk or VoIP provider for communication |
Efficient 3CX phone system operation demands the integration of Split DNS and Hairpin NAT, which is crucial for maintaining a smooth and secure experience across internal and external networks.
Split DNS customizes domain name resolution based on network origin, while Hairpin NAT enables internal clients to access the 3CX system using its external IP without disruptions.
| Device | Configuration Tasks | Additional Notes |
| Sonicwall Firewall | Port forwarding for 3CX ports Enable SIP transformations | Ensure Sonicwall security policies allow SIP and RTP traffic. Review Sonicwall documentation for specific firmware versions and recommendations. |
| Draytek 2820 Router | Port forwarding for 3CX ports Enable SIP ALG | Implement Quality of Service (QoS) for prioritizing VoIP traffic.Draytek routers may have different models with variations in firmware; refer to specific model docs. |
| AVM FritzBox | Port forwarding for 3CX ports Enable or configure QoS for VoIP traffic | Disable SIP ALG if present.FritzBox configurations can vary. Check the FritzBox admin interface for relevant settings. |
| CISCO Router | Access Control Lists (ACLs) for 3CX ports Enable QoS for VoIP | Adjust settings for NAT and inspect SIP traffic. Cisco router configurations depend on the specific model and IOS version; refer to Cisco docs. |
| FortiGate 80C | Virtual IP and Firewall Policies for 3CX ports Implement VoIP security policies | Set up security profiles and ensure SIP and RTP traffic is allowed. FortiGate settings may vary; consult FortiGate documentation for accurate configurations. |
| WatchGuard XTM Firewall | Configure Packet Filter and NAT for 3CX ports Enable SIP and H.323 ALG if available | Adjust security settings and exceptions for VoIP traffic.Refer to WatchGuard documentation for model-specific details. |
| pfSense Firewall | NAT Port Forward for 3CX ports Implement Traffic Shaping or QoS for VoIP traffic | Adjust firewall rules and disable SIP ALG. Consult pfSense documentation for version-specific instructions. |
| MikroTik Firewall | Create NAT rules for 3CX ports Configure Firewall Filter Rules | Implement Simple Queues or Queue Tree for VoIP traffic prioritization. MikroTik RouterOS versions may have differences; check documentation accordingly. |
Opening a port shouldn’t be complicated. With the Port Forwarding add-on, it’s as simple as 1, 2, and 3!
Ports to run on Windows
| TCP Port: | 5060-5061 |
| UDP Port | 5060 |
What if your ISP performs CGNAT? Most ISPs perform CGNAT (Carrier-grade Network Address Translation) to conserve bandwidth and assign a single IP address to multiple users connected to the same internet network. However, CGNAT makes it difficult for you to open ports on the router.
To get around the CGNAT issue, you can use the Port Forwarding add-on to bypass this problem and port forward routers without hassle.
Here’s more information on how to use PureVPN’s Port Forwarding add-on and bypass CGNAT in a few clicks.
A secure way to open all ports
To most people, port forwarding is quite a demanding task. For starters, every router has a different console, which often makes it difficult to navigate to specific settings.
Secondly, you won’t always be able to open 3CX ports on your router if your ISP restricts the ports. Yes, you heard that right! ISPs are notorious for blocking ports due to security reasons. If ISP isn’t the reason behind a blocked port, then perhaps it could be your operating system’s firewall.
Well, you can make all these problems go away and enjoy smooth online gaming on all your desired systems with PureVPN’s Port Forwarding add-on. Through the Port Forwarding add-on, you can allow all ports, disallow all ports, and allow specific ports.