Configuring D-link DFL-260E / 860E / 1660/2560 / 2560G Firewalls to work with 3CX Phone System
D-link DFL-260E / 860E / 1660/2560 / 2560G NetDefend UTM firewalls provide protection against viruses, unauthorized access and inappropriate content, as well as enhanced management, monitoring and maintenance of the enterprise network.
Consider the configuration of these firewalls to work with 3CX Phone System, located in the local network for NAT. The configuration is carried out according to 3CX recommendations, in particular, the required ports of 3CX Phone System services are published .
')
Add the IP addresses of the 3CX server (in our example 192.168.10.3 ) and the provider's SIP server (in our example 193.200.32.23 ) to the Address Book D-link address book.
Add a new service type to the Services section. Describe in it the type of protocol and the ports used. The picture below shows the configuration of the SIP and RTP services.
Also create a service for 3CX Tunnel.
And finally, create a service for the 3CX HTTPS service.
If your system is running an IIS web server, and not Abyss, you can use a predefined description of the HTTPS service.
In the IP Rules section, create a folder, for example, VoIP , and there are six rules for passing VoIP traffic through D-link DFL:
Consider the procedure for creating rules on the example of one of them, for SIP and RTP traffic.
The first rule specifies the SAT conversion.
The second rule is similar to the first, but it just allows this SAT conversion.
The rules for the 3CX Tunnel service and HTTPS are similar, but with one difference - traffic is allowed from any network, and not only from the IP address of the SIP provider. This is done so that the 3CX Client user can connect to the system through the 3CX Tunnel from anywhere in the world.
To reduce the size of the article, we give an example only for the publication rule of the 3CX Tunnel service. The rule for HTTPS is created similarly.
At the end of the setup, do not forget to save the changes and quickly reconnect to the device. Otherwise, the new configuration will not be saved!
Consider the configuration of these firewalls to work with 3CX Phone System, located in the local network for NAT. The configuration is carried out according to 3CX recommendations, in particular, the required ports of 3CX Phone System services are published .
')
Definition of hosts and services
Add the IP addresses of the 3CX server (in our example 192.168.10.3 ) and the provider's SIP server (in our example 193.200.32.23 ) to the Address Book D-link address book.
Add a new service type to the Services section. Describe in it the type of protocol and the ports used. The picture below shows the configuration of the SIP and RTP services.
Also create a service for 3CX Tunnel.
And finally, create a service for the 3CX HTTPS service.
If your system is running an IIS web server, and not Abyss, you can use a predefined description of the HTTPS service.
Publication of services
In the IP Rules section, create a folder, for example, VoIP , and there are six rules for passing VoIP traffic through D-link DFL:
- 2 rules for SIP traffic from the host SIP provider. Do not open the SIP service of your 3CX server for the whole world!
- 2 rules for 3CX Tunnel traffic from any network
- 2 rules for HTTPS traffic from any network (server management and status and presence information for 3CX Client clients)
Consider the procedure for creating rules on the example of one of them, for SIP and RTP traffic.
The first rule specifies the SAT conversion.
The second rule is similar to the first, but it just allows this SAT conversion.
The rules for the 3CX Tunnel service and HTTPS are similar, but with one difference - traffic is allowed from any network, and not only from the IP address of the SIP provider. This is done so that the 3CX Client user can connect to the system through the 3CX Tunnel from anywhere in the world.
To reduce the size of the article, we give an example only for the publication rule of the 3CX Tunnel service. The rule for HTTPS is created similarly.
At the end of the setup, do not forget to save the changes and quickly reconnect to the device. Otherwise, the new configuration will not be saved!
Additional Information
Source: https://habr.com/ru/post/302332/
All Articles