When connecting to the internet with a computer, security is one of the essential concerns that must be addressed. A firewall is an important security tool that can protect computers and networks from attacks. However, when using 3CX, we may need to open certain ports on the firewall. In this article, we will discuss how to open firewall ports to ensure a smooth installation and use of 3CX.

Outbound

Even companies with extremely strict network management policies may restrict outbound data from servers. Here are the domains and ports that need to be accessed during the Linux image installation process.

Usage	FQDN	Port	Protocol
STUN	stun.3cx.com	3478	UDP
	stun2.3cx.com	3478	UDP
	stun3.3cx.com	3478	UDP
	stun4.3cx.com	3478	UDP
SIP ALG Detector	sip-alg-detector.3cx.com	5060	UDP
3CX SMTP	smtp-proxy.3cx.net	2528	TCP
Activation	activate.3cx.com	443	TCP
RPS	rps.3cx.com	443	TCP
Updates	downloads-global.3c.com	443	TCP
Webmeeting	Wmr.3cx.net	443	TCP
MCUs	qos.3cx.net	443	TCP
Global blacklist	Pbxservices.3cx.com	443	TCP
Debian source	deb.debian.org	80	TCP
Debian sercurity	security.debian.org	80	TCP
Debian NTP server	debian.pool.ntp.org	80	TCP
Debian fastlydns	debian.map.fastlydns.net	80	TCP

This does not include the access range required for iOS and Android Push. If needed, please refer to the official documentation:https://www.3cx.com/docs/manual/firewall-router-configuration/

Inbound

The inbound section is not mandatory during the installation process but includes some ports that may be needed during the use of 3CX. If deploying in the cloud, it is best to open all of these ports, while for local use, it depends on the specific situation.