When connecting to the internet with a computer, security is one of the essential concerns that must be addressed. A firewall is an important security tool that can protect computers and networks from attacks. However, when using 3CX, we may need to open certain ports on the firewall. In this article, we will discuss how to open firewall ports to ensure a smooth installation and use of 3CX.

Outbound

Even companies with extremely strict network management policies may restrict outbound data from servers. Here are the domains and ports that need to be accessed during the Linux image installation process.

Usage FQDN Port Protocol
STUN stun.3cx.com 3478 UDP
stun2.3cx.com 3478 UDP
stun3.3cx.com 3478 UDP
stun4.3cx.com 3478 UDP
SIP ALG Detector sip-alg-detector.3cx.com 5060 UDP
3CX SMTP smtp-proxy.3cx.net 2528 TCP
Activation activate.3cx.com 443 TCP
RPS rps.3cx.com 443 TCP
Updates downloads-global.3c.com 443 TCP
Webmeeting Wmr.3cx.net 443 TCP
MCUs qos.3cx.net 443 TCP
Global blacklist Pbxservices.3cx.com 443 TCP
Debian source deb.debian.org 80 TCP
Debian sercurity security.debian.org 80 TCP
Debian NTP server debian.pool.ntp.org 80 TCP
Debian fastlydns debian.map.fastlydns.net 80 TCP

This does not include the access range required for iOS and Android Push. If needed, please refer to the official documentation:https://www.3cx.com/docs/manual/firewall-router-configuration/

Inbound

The inbound section is not mandatory during the installation process but includes some ports that may be needed during the use of 3CX. If deploying in the cloud, it is best to open all of these ports, while for local use, it depends on the specific situation.

Usage Ports Protocol
HTTPS 5001 or 443 TCP
Configuration 5015 TCP
SIP 5060 UDP & TCP
SIP TLS 5061 TCP
Teams 5062 TCP
Tunnel 5090 UDP & TCP
Media Server 9000-10999 UDP