When connecting to the internet with a computer, security is one of the essential concerns that must be addressed. A firewall is an important security tool that can protect computers and networks from attacks. However, when using 3CX, we may need to open certain ports on the firewall. In this article, we will discuss how to open firewall ports to ensure a smooth installation and use of 3CX.
Outbound
Even companies with extremely strict network management policies may restrict outbound data from servers. Here are the domains and ports that need to be accessed during the Linux image installation process.
Usage | FQDN | Port | Protocol |
---|---|---|---|
STUN | stun.3cx.com | 3478 | UDP |
stun2.3cx.com | 3478 | UDP | |
stun3.3cx.com | 3478 | UDP | |
stun4.3cx.com | 3478 | UDP | |
SIP ALG Detector | sip-alg-detector.3cx.com | 5060 | UDP |
3CX SMTP | smtp-proxy.3cx.net | 2528 | TCP |
Activation | activate.3cx.com | 443 | TCP |
RPS | rps.3cx.com | 443 | TCP |
Updates | downloads-global.3c.com | 443 | TCP |
Webmeeting | Wmr.3cx.net | 443 | TCP |
MCUs | qos.3cx.net | 443 | TCP |
Global blacklist | Pbxservices.3cx.com | 443 | TCP |
Debian source | deb.debian.org | 80 | TCP |
Debian sercurity | security.debian.org | 80 | TCP |
Debian NTP server | debian.pool.ntp.org | 80 | TCP |
Debian fastlydns | debian.map.fastlydns.net | 80 | TCP |
This does not include the access range required for iOS and Android Push. If needed, please refer to the official documentation:https://www.3cx.com/docs/manual/firewall-router-configuration/
Inbound
The inbound section is not mandatory during the installation process but includes some ports that may be needed during the use of 3CX. If deploying in the cloud, it is best to open all of these ports, while for local use, it depends on the specific situation.
Usage | Ports | Protocol |
---|---|---|
HTTPS | 5001 or 443 | TCP |
Configuration | 5015 | TCP |
SIP | 5060 | UDP & TCP |
SIP TLS | 5061 | TCP |
Teams | 5062 | TCP |
Tunnel | 5090 | UDP & TCP |
Media Server | 9000-10999 | UDP |