⬆️ ⬇️

Configuring D-link DFL-260E / 860E / 1660/2560 / 2560G Firewalls to work with 3CX Phone System

D-link DFL-260E / 860E / 1660/2560 / 2560G NetDefend UTM firewalls provide protection against viruses, unauthorized access and inappropriate content, as well as enhanced management, monitoring and maintenance of the enterprise network.







Consider the configuration of these firewalls to work with 3CX Phone System, located in the local network for NAT. The configuration is carried out according to 3CX recommendations, in particular, the required ports of 3CX Phone System services are published .

')

Definition of hosts and services



Add the IP addresses of the 3CX server (in our example 192.168.10.3 ) and the provider's SIP server (in our example 193.200.32.23 ) to the Address Book D-link address book.



image



Add a new service type to the Services section. Describe in it the type of protocol and the ports used. The picture below shows the configuration of the SIP and RTP services.



image



Also create a service for 3CX Tunnel.



image



And finally, create a service for the 3CX HTTPS service.



image



If your system is running an IIS web server, and not Abyss, you can use a predefined description of the HTTPS service.



image



Publication of services



In the IP Rules section, create a folder, for example, VoIP , and there are six rules for passing VoIP traffic through D-link DFL:



image



Consider the procedure for creating rules on the example of one of them, for SIP and RTP traffic.

The first rule specifies the SAT conversion.



D-link DFL-260E/860E/1660/2560/2560G    3CX Phone System.  SAT   SIP.



D-link DFL-260E/860E/1660/2560/2560G    3CX Phone System.  SAT   SIP.



The second rule is similar to the first, but it just allows this SAT conversion.



D-link DFL-260E/860E/1660/2560/2560G    3CX Phone System.  Allow   SIP.



The rules for the 3CX Tunnel service and HTTPS are similar, but with one difference - traffic is allowed from any network, and not only from the IP address of the SIP provider. This is done so that the 3CX Client user can connect to the system through the 3CX Tunnel from anywhere in the world.

To reduce the size of the article, we give an example only for the publication rule of the 3CX Tunnel service. The rule for HTTPS is created similarly.



D-link DFL-260E/860E/1660/2560/2560G    3CX Phone System.  SAT   3CX Tunnel.



At the end of the setup, do not forget to save the changes and quickly reconnect to the device. Otherwise, the new configuration will not be saved!



image



Additional Information



Source: https://habr.com/ru/post/302332/



All Articles