TIPS Opening Ports/Security

P

Paul Farina

New Member
Joined
Jul 22, 2013
Messages
1
Reaction score
0
I am setting up a pbx for my office. Im going either rentpbx or building one myself on a old pc. My question is say I use an on site pbx behind a router. Would I need to open any ports at all? like 5060,10000-20000. Or is that only for remote pbx extensions? if an onsite pbx doesn't have these ports open how will the SIP's be able to see the pbx?


THANK U
 
wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,205
Reaction score
5,225
You definitely want everything locked down if you're directly exposed to the Internet. SIP trunks register with providers which automatically opens the necessary ports. It's much the same as when you use a browser to access a web site. You don't need port 80 mapped back to your desktop. It all happens transparently.
 
briankelly63

briankelly63

Guru
Joined
Nov 14, 2008
Messages
1,398
Reaction score
320
Some providers allow you to provision your trunks in such a way that there is no registration "string" so there is nothing to keep the firewall ports open (I prefer this way). With that sort of set up you usually have to have a static ip address and you would then open port 5060 to ONLY the providers IP addresses on your router. The router will manage the RTP ports.
Using this method avoids relying on registration strings and keepalives to hold the ports open.
 
MacNix

MacNix

Guru
Joined
Jun 21, 2011
Messages
198
Reaction score
31
Paul Farina said:
I am setting up a pbx for my office. Im going either rentpbx or building one myself on a old pc. My question is say I use an on site pbx behind a router. Would I need to open any ports at all? like 5060,10000-20000. Or is that only for remote pbx extensions? if an onsite pbx doesn't have these ports open how will the SIP's be able to see the pbx?
THANK U
Click to expand...

having seen both sides (with PBX open on the web and with boxes behind firewalls), I'd DEFINITELY recommend the hardware firewall route.. You can build an open-source firewall router for less than $200, and it gives you WAY WAY WAY more options (long-term), than just putting your PBX on the web.

I use Untangle but there are others. Untangle software is free, has good community support, runs on inexpensive PC hardware (my first UT box was an old pentium, and the only reason we replaced it was due to a lightning strike), and allows a good bit of stuff (openVPN, IPsecVPN, numerous spam/hacking protection, options galore re: managing networks, routing, blah blah blah.....

MOST providers I've found work perfectly with it out of the box, but as I found out recently, you can have to open a few extra ports for others....

I remember seeing this somewhere recently:

firewall.jpg
 
You must log in or register to reply here.

Members online

Total: 57 (members: 2, guests: 55)

Latest Posts

Forum statistics

Threads
25,821
Messages
167,810
Members
19,246
Latest member
abuhyder
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Top