Configuring a Zyxel P-662H-D1 Router with 3CX Phone System

Posted on by Phil

In this article, we will see how to configure a Zyxel P-662 to allow traffic required by 3CX Phone System. This is a 2 step process – first, we will configure the firewall to allow VoIP traffic from the internet and secondly we will configure the firewall to route the VoIP traffic to 3CX Phone System.

Notes:

  1. This procedure has been tested on Zyxel P-662H-D1 using ZyNOS Firmware Version V3.40(AGZ.9) | 01/08/2010
  2. This procedure should only be used if you intend using VoIP Providers, Remote Extensions or Bridges.
  3. Note that Port 5000 and 5090 do not need to be opened on the router if you are only using VoIP Providers.
  4. The ports listed in this article are the default ports for 3CX Phone System. Before proceeding, confirm the SIP and RTP ports from 3CX Management Console Settings Network Ports tab, and the 3CX Tunnel port from 3CX Management Console Settings Network 3CX Tunnel tab.
  5. Once you have configured your router using the procedure in this article, you should confirm that the settings have been correctly applied using the 3CX Firewall Checker.

Configure the Firewall to Allow VoIP Traffic from the Internet

  1. Using your browser, browse to the IP address of the Zyxel P-662H-D1 Router.
  2. Log in using the administrator password.
  3. From the menu on the left, change to Security Firewall.
  4. If Active Firewall is not enabled, and you do not intend to enable the firewall, you can proceed to the next section (Configure NAT).
  5. If the Default Action for ‘WAN to LAN’ is set to ‘Permit’, and you do not intend to change this, you can proceed to the next section (Configure NAT).
    Firewall Settings
  6. Click on the Rules tab.
  7. From the Packet Direction drop down list, select ‘WAN to LAN’, and click the Add button.
  8. Scroll to the ‘Services’ section, and click on the ‘Edit Customised Services’ link.
  9. Add the following services in the table (click on the number to add an entry). Click Back when done:
      • SIP – TCP / UDP – 5060.
      • RTP – UDP – 9000 – 9049.
      • 3CX Tunnel – TCP / UDP – 5090 (not required for VoIP Providers).
      • 3CX Web interface – TCP – 5000 (not required for VoIP Providers).

    Ports Configuration

  10. Scroll back to the top and configure the following settings:
    1. Active: Enabled.
    2. Action for Matched Packets: Permit.
    3. Source – Address Type: Add IP address if known or leave default ‘Any Address’.
    4. Destination – Address Type: Add IP address if known or leave default ‘Any Address’.
    5. Service – Available Services: Add ‘*SIP (TCP/UDP:5060)’, and remove ‘Any (UDP)’ and ‘Any (TCP)’ from the list..
    6. Day to Apply: ‘Everyday’ (or as needed).
    7. Time of Day to Apply: ‘All day’ (or as needed).
    8. Click Apply when done.
  11. Repeat step 10 for each service configured in step 9. The rules should be similar to what is shown in this screenshot:
    Firewall Rules

Configure NAT so that VoIP Traffic from the Internet is Forwarded to the PBX

  1. From the menu on the left, change to Network – NAT.
  2. Click on Port Forwarding.
  3. In the Service Name, select ‘User define’.
  4. Configure the Rule as follows:
    1. Active: Enabled.
    2. Service Name: SIP.
    3. Start Port: 5060.
    4. End Port: 5060.
    5. Server IP Address: Internal IP of PBX (e.g. 192.168.1.109).
    6. Click Apply when done.
  5. Repeat steps 3 to 5 for the following ports:
    • 3CX Web: 5000 (not required for VoIP Providers)/
    • 3CX Tunnel: 5090 (not required for VoIP Providers)/
    • RTP:  9000 – 9049/

    Port Forwarding Rules

    Click Apply to save the configuration.