I attended 3CX training on 6-7 March 2017 at the Grand Millennium Hotel, Auckland CBD. Here are my notes and tips for 3CX best practices, please feel free to add by posting a comment down below.
- As of March 2017, Sonicwall Firewall requires a hotfix to be able to work properly with 3CX.
- SIP port is used just for signaling, RTP ports used for audio and videos.
- If 3CX is not on 5060, there will be NO PnP Provisioning.
- STUN tells source IP of the 3CX.
- Main trunk number = phone number.
- Full cone NAT (i.e. static NAT) is required:
» A full cone NAT (also known as a one to one NAT) is the only type of NAT where the port is permanently open and allows inbound connections from any external host. A full cone NAT maps a public IP address and port to a LAN IP and port. Any external host can send data to the LAN IP through the mapped NAT IP and port. If it tries to send data through a different port, it will fail. This type of NAT is also known as port forwarding. This NAT type is the least restrictive type of NAT; the only requirement is that the connection comes in on a particular port (the one you opened).
Example – A server has a website running on port 80. We create a one-to-one rule that maps the router WAN IP of 22.214.171.124 to 192.168.0.1 with port 80 to port 80. Any external host that sends data to 126.96.36.199 on port 80 is NAT-ed (and sent) to 192.168.0.1 port 80.
Note: The port numbers do not have to be the same; We could run my website on port 8080 but create the NAT mapping to forward port 80 to port 8080. This port gives the appearance to the public Internet that my website is on port 80. A connection attempt on any other port is dropped.
- Disable SIP ALG (Application Layer Gateway) at Router / Firewall (MUST DO, ELSE WILL CREATE ISSUES WITH 3CX!!)
- » Default SIP port is 5060 UDP and TCP;
» Default RTP ports are 9000-9500 UDP only (please also open these ports in Firewall, and it will not make our network vulnerable as the RTP ports are on-demand, so 3CX will only open when it’s required)
» Default Tunnel port is 5090 UDP and TCP;
» Default https port 5001 or can also 443 TCP.
- 3CX version 15 requires .NET 4.6.1 — older .NET will cause unexpected behaviours.
- Please run 3CX on a dedicated instance when possible, NEVER run these service along with 3CX:
» Microsoft Exchange;
» Microsoft SQL Server;
» DNS Server;
» VPN Server.
- When there are around 50 simultaneous users, the best practice would be to run 3CX on a Server OS and not a Desktop OS, as Server OS handles network traffic better than a Desktop OS.
- When configuring outbound dialling, replace + with 00.
- Setup exclusion on 3CX Program Files and Program Data folders on Anti-Virus & Windows Firewall.
- Disable any other NIC such as WAN Miniport, Wi-Fi, Bluetooth, etc.
- Only >Pro version has the failover feature.
- Do NOT change LAN IP of the 3CX server once setup finished — if setting up for a client on office, setup 3CX with their network configuration.
- Create A record for the 3CX FQDN.
- Turn on scheduled nightly backup plan.
- Keep OS and 3CX on latest update as possible.
- Uninstalling / Migration: Always copy backup folder before uninstalling 3CX server as the default backup folder will be deleted after the uninstall process finished.
- Uninstalling: Release the IP from the 3CX Customer Portal: https://customer.3cx.com/
- Maintenance: Always reboot Windows when there’s a chance so that 3CX can do its housekeeping.
- SIP Fork is when more than one device on the same extension (e.g. already have IP Phone, installing 3CX client on computer)
- Plan and add emergency numbers, ensure they are on the top of rules, avoid using extensions that being used by country’s emergency number, e.g. 111 (NZ emergency number) or 911 (US emergency number)
- It is possible to set up sync between Office 365 & Google contacts and 3CX using the 3CX client.