D-link DFL-260E / 860E / 1660/2560 / 2560G NetDefend UTM firewalls provide protection against viruses, unauthorized access and inappropriate content, as well as enhanced management, monitoring and maintenance of the enterprise network.
Consider the configuration of these firewalls to work with 3CX Phone System, located in the local network for NAT. The configuration is carried out according to 3CX recommendations, in particular,
the required ports of 3CX Phone System services are published .
')
Definition of hosts and services
Add the IP addresses of the 3CX server (in our example
192.168.10.3 ) and the provider's SIP server (in our example
193.200.32.23 ) to the
Address Book D-link address book.
Add a new service type to the
Services section. Describe in it the type of protocol and the ports used. The picture below shows the configuration of the SIP and RTP services.
Also create a service for 3CX Tunnel.
And finally, create a service for the 3CX HTTPS service.
If your system is running an IIS web server, and not Abyss, you can use a predefined description of the HTTPS service.
Publication of services
In the
IP Rules section, create a folder, for example,
VoIP , and there are six rules for passing VoIP traffic through D-link DFL:
- 2 rules for SIP traffic from the host SIP provider. Do not open the SIP service of your 3CX server for the whole world!
- 2 rules for 3CX Tunnel traffic from any network
- 2 rules for HTTPS traffic from any network (server management and status and presence information for 3CX Client clients)
Consider the procedure for creating rules on the example of one of them, for SIP and RTP traffic.
The first rule specifies the SAT conversion.
The second rule is similar to the first, but it just allows this SAT conversion.
The rules for the 3CX Tunnel service and HTTPS are similar, but with one difference - traffic is allowed from any network, and not only from the IP address of the SIP provider.
This is done so that the 3CX Client user can connect to the system through the 3CX Tunnel from anywhere in the world.
To reduce the size of the article, we give an example only for the publication rule of the 3CX Tunnel service. The rule for HTTPS is created similarly.
At the end of the setup, do not forget to save the changes and quickly reconnect to the device. Otherwise, the new configuration will not be saved!
Additional Information