Configuring a Draytek 2820 Firewall with 3CX

Introduction

This document describes the configuration of a Draytek 2820 for use with 3CX Phone System. We will look into the NAT configuration necessary for 3CX Phone System and the QoS configuration to prioritize SIP and RTP traffic. This guide is based on firmware version 3.3.3, dated 23 October 2009.

Note: We cannot assist you in the configuration of your firewall.

Draytek 2820

Step 1: Disable SIP ALG

You first need to disable SIP ALG on your Draytek Router by following the steps outlined below:

  1. Open a Command Prompt and telnet to the Draytek router by typing the following command:

telnet IP-Vigor_Router

  2. Enter the following two commands to disable the SIP ALG Handler on the device:

sys sip_alg 0

sys commit

  3. If you are using model Vigor2750 or Vigor2130, instead use the following commands:

kmodule_ctl nf_nat_sip disable

kmodule_ctl nf_conntrack_sip disable
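
One way to confirm the ALG is really off after Step 1, as an added example that is not part of the original 3CX guide: compare a SIP message as the PBX sent it with a copy captured on the WAN side (for example at a test endpoint you control) and report any rewritten Via, Contact or SDP fields. The sample messages, the 203.0.113.10 address, the RTP port and the function names are constructed for illustration.

```python
"""Compare a SIP message as sent by the PBX with the copy seen on the WAN side."""
import re

PBX = "192.168.1.200"  # example PBX address used in this guide
WAN = "203.0.113.10"   # constructed public address (documentation range)

# Constructed INVITE and SDP; names, tags and the RTP port are made up.
SDP = (f"v=0\r\no=pbx 1 1 IN IP4 {PBX}\r\ns=-\r\nc=IN IP4 {PBX}\r\n"
       "t=0 0\r\nm=audio 9000 RTP/AVP 0 8\r\n")
SENT = (
    "INVITE sip:100@sip.example.net SIP/2.0\r\n"
    f"Via: SIP/2.0/UDP {PBX}:5060;branch=z9hG4bKc0ffee;rport\r\n"
    "From: <sip:200@sip.example.net>;tag=a1\r\n"
    "To: <sip:100@sip.example.net>\r\n"
    f"Call-ID: 7f3c@{PBX}\r\n"
    "CSeq: 1 INVITE\r\n"
    f"Contact: <sip:200@{PBX}:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP)}\r\n\r\n" + SDP
)
# Constructed WAN-side copy with an ALG active: Via, Contact and SDP c= rewritten.
SEEN_ALG_ON = (SENT.replace(f"{PBX}:5060", f"{WAN}:5060")
                   .replace(f"c=IN IP4 {PBX}", f"c=IN IP4 {WAN}"))
# With the ALG off, NAT changes only the IP/UDP headers, not the SIP payload.
SEEN_ALG_OFF = SENT

# Address-bearing fields an ALG typically rewrites (long and compact header names).
FIELDS = {
    "Via": re.compile(r"^(?:Via|v):\s*SIP/2\.0/\w+\s+([^;\s]+)", re.I | re.M),
    "Contact": re.compile(r"^(?:Contact|m):.*?sips?:(?:[^@>\s]+@)?([^;>\s]+)", re.I | re.M),
    "SDP c=": re.compile(r"^c=IN IP4 (\S+)", re.M),
    "SDP m=": re.compile(r"^m=audio (\d+)", re.M),
}

def address_fields(msg):
    """Return every address or port found in each tracked field."""
    return {name: rx.findall(msg) for name, rx in FIELDS.items()}

def alg_rewrites(sent, seen):
    """Map each field whose values differ to its (sent, seen) values."""
    a, b = address_fields(sent), address_fields(seen)
    return {k: (a[k], b[k]) for k in FIELDS if a[k] != b[k]}

if __name__ == "__main__":
    for label, seen in (("ALG off", SEEN_ALG_OFF), ("ALG on", SEEN_ALG_ON)):
        print(label, alg_rewrites(SENT, seen) or "payload unchanged")
```

An empty result means the SIP payload crossed the router untouched; any reported field means something on the path is still rewriting SIP.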

Step 2: Configure Port Forwarding (NAT)

  1. Browse to the Router’s Web Interface (default IP address is 192.168.1.1).
  2. Go to the “NAT > Open Ports” menu item.

  3. Go to the first free position in the “Open Port” menu, and configure as follows:
  • Ensure the “Enable Open Ports” checkbox is enabled
  • Set the “Comment” field value to “3CX”
  • Set the “WAN Interface” field to “WAN1”
  • Set the “Local Computer” field to the assigned IP address of the 3CX machine (in this example 192.168.1.200)
  • Each line is used to open a single port or port range and set the protocol. Open all ports required by 3CX. For an up-to-date list of the ports that must be open, check here.
  4. Click on the “OK” button at the bottom of the page. This will send you back to the “Open Ports” summary page.

Step 3: QoS Configuration - Bandwidth Management

  1. Browse to the Router’s Web Interface (the device’s default IP address is 192.168.1.1).

  2. Go to the “Bandwidth Management > Quality of Service” menu item.
  3. Click the “Edit” link in the “Service Type” column.

  4. For each port and port range your 3CX installation uses, fill in the following fields. Add:
  • Service Name: use a suitable name to denote what this port is used for.
  • Service Type: TCP and/or UDP depending on the port you are opening.
  • Type: Single or Range
  • Port Number: the service port number or range to add
  5. Repeat step 4 for all ports used by your 3CX installation.

Note: An updated list of the default ports used by 3CX can be found here.

Step 4: Creating a Class Rule

Click on 'Edit' under the 'Rule' header

  1. Click on the “Edit” link in the “Class 1” row in the “Rule” column
  2. Set the “Name” field to “3CX VoIP”
  3. Click on the “Add” button
  4. Set the:
  • “ACT” field to enabled
  • “Local Address” field to the IP address of the PBX machine (in this example 192.168.1.200)
  • Ensure the “Remote Address” field is set to “Any”
  • Ensure the “DiffServ CodePoint” field is set to “Any”
  • In “Service Type” add one of the service types you created in Step 3.
  5. Click the “OK” button
  6. Repeat steps 1-5 for all services created in Step 3.

  7. When finished click on the “OK” button to save the Class Rule.

Step 5: Assign a Priority Level

Now we need to instruct the router to assign a priority level to traffic of class “3CX VOIP”.

  1. In “Bandwidth Management” > “Quality of Service” click on the “Setup” link on the “WAN1” row.

  2. Check the “Enable the QoS Control” checkbox, and set the traffic direction to “BOTH”
  3. Set the “Reserved_bandwidth Ratio” field for traffic of class “3CX VOIP” to 70%
  4. Set the “Reserved_bandwidth Ratio” field for traffic of Class 2 and Class 3 to 10%
  5. Click on the “OK” button to complete the configuration

Note: The “Reserved_bandwidth Ratio” percentage does not reserve bandwidth at all times, but only when other traffic types are competing with the “3CX VOIP” class traffic for bandwidth.

Step 6: Validating Your Setup

Log into the 3CX Management Console, go to Dashboard > Firewall and run the Firewall Checker to validate that your firewall is correctly configured for use with 3CX.
More information about the Firewall Checker can be found here.

Users of Draytek VoIP Models

If you have a Draytek VoIP model you also need to perform the following steps in addition to the steps described above to enable it to work with 3CX Phone System:

  1. Log in to your Draytek Router’s Web Interface
  2. Select VoIP and then click on SIP Accounts in the Draytek Management Console
  3. Change the SIP port in VoIP to something other than 5060

Note: All SIP account ports should be changed.

  4. Press OK to save your changes.

When you finish modifying all your accounts, restart your Draytek Router.
