Configure Clavister NetWall with 3CX PBX

Software Used:

• Clavister NetWall 13.00.02
• 3CX PBX V16

This FAQ describes the configuration of a Clavister NetWall for use with the 3CX Phone System.

Step 1: Confgure port-forwarding

Login to the webinterface of the Clavister NetWall.

1. Go to “Objects -> Address Book” and click “Add -> IP4 Address“.
   Name: PBX_3CX
   IP: Address of the 3CX PBX
   
2. Go to “Objects -> Services” and click “Add -> TCP/UDP Service“. See: https://www.3cx.com/docs/ports/ for actual port information
   
3. Add service group for Sip_* service objects.
   
4. Go to “Policies -> Main IP Ruleset” and click “Add -> IP Policy“.
   Name: Publish_3CX
   Action: Allow
   Source if: WAN
   Source IP: all-nets
   Destination if: core
   Destination IP: WAN_ip
   Service: Sip_grp
   Source Address Translation: None
   Destination Address Translation: SAT
   Address Action: Single IP
   New IP Address: PBX_3CX
   Port Action: None
5. Go to “Policies -> Main IP Ruleset” and click “Add -> IP Policy“.
   Name: Outbound_3CX
   Action: Allow
   Source if: LAN
   Source IP: PBX_3CX
   Destination if: WAN
   Destination IP: all-nets
   Service: all_tcpudpicmp
   Source Address Translation: SAT
   Address Action: Single IP
   New IP Address: WAN_ip
   Port Action: None
   Destination Address Translation: None

Step 2: Validating your setup

Log into your 3CX Management Console and go to “Dashboard” > “Firewall” to run the 3CX Firewall Checker to validate if your firewall is correctly configured for use with 3CX.
More information about the Firewall Checker can be found here.