How to set up a Session Border Controller (SBC) in 3CX

  • This topic is empty.
  • Post
    • December 21, 2024 at 6:07 am
    Weekend Wiki
    Keymaster
    To set up a Session Border Controller (SBC) in 3CX and connect phones from your local network to a cloud-hosted 3CX system, follow these steps. An SBC ensures secure communication between your on-premise phones and the 3CX server in the cloud, protecting your network and optimizing call quality.

    Step 1: Prerequisites

    1. Cloud-hosted 3CX system: Make sure you have a 3CX instance running in the cloud (e.g., AWS, Google Cloud, etc.).
    2. Local Phones: Ensure your phones are SIP-enabled and can communicate over the network (e.g., IP phones, softphones).
    3. Internet Connection: The local network (where the phones are located) needs internet access to connect to the cloud 3CX system.

    Step 2: Install and Configure the 3CX SBC

    The SBC bridges the connection between the local network and the cloud-hosted 3CX system. It can be installed on a local machine (such as a Raspberry Pi, Windows/Linux server, or dedicated hardware).

    1. Download the 3CX SBC Software

    • For Windows: Download the 3CX SBC installer from the 3CX website: 3CX SBC Download
    • For Linux: The SBC software for Linux is available in a .deb or .rpm format.

    2. Install the SBC on Your Local Server or Device

    • For Windows:
      1. Run the downloaded installer and follow the instructions.
      2. After installation, open the 3CX SBC configuration tool.
    • For Linux:
      • If using Debian-based systems (e.g., Ubuntu), install with: 
        sudo dpkg -i 3cxsbc_*.deb
      • For Red Hat-based systems, use the .rpm file.

    3. Configure the SBC

    • Once the SBC is installed, configure it to connect to your 3CX cloud system:
      • Open the 3CX SBC Configuration Tool (or access via terminal on Linux).
      • Enter the Cloud 3CX Server Details:
        • FQDN (Fully Qualified Domain Name) of the cloud 3CX server.
        • Port: Use the port for communication (e.g., 5060 for SIP).
        • SBC Password: The password for the SBC that you’ll configure in the 3CX Management Console (see Step 4).
      • Save the Settings and start the SBC service.

    Step 3: Configure the 3CX Management Console

    1. Log in to 3CX Management Console

    • Access the 3CX Management Console (e.g., http://<cloud-server-ip>:5000).
    • Log in with your administrator credentials.

    2. Add the SBC Device

    • Navigate to SBC under Advanced Settings or System Settings.
    • Click Add SBC.
    • Fill in the following fields:
      • SBC Name: A name for the SBC (e.g., “Local Office SBC”).
      • Public IP: The public IP address or hostname of the SBC.
      • SBC Password: The password you set during the SBC configuration.
      • Local IP: The local IP of the SBC device (for internal use in your network).

      Click OK to save the SBC details.

    Step 4: Provisioning Phones for Remote Access

    1. Provision the Phones

    • In the 3CX Management Console, go to Extensions.
    • Create or edit the extension you want to provision for the SIP phone.
    • Under Provisioning:
      • If your phones support auto-provisioning, choose the option to auto-provision and send the provisioning URL to your phones.
      • If your phones don’t support auto-provisioning, manually configure the phone with:
        • SIP server: The public IP address or domain name of your 3CX server.
        • SIP port: 5060 (for standard SIP) or 5061 (for secure SIP).
        • Extension number and password (these can be found in the 3CX Management Console).

    2. Set Up Phones with SBC Connectivity

    • On your phones, you should configure them to connect via the SBC.
      • If using auto-provisioning, this is handled automatically after the phones download their settings from the 3CX system.
      • If manually configuring, ensure the phones are set to use the local SBC (set the SBC IP address in the phone’s settings). This directs the phone to register through the SBC instead of connecting directly to the cloud 3CX server.

    Step 5: Test the Setup

    1. Check SBC Registration

    • In the 3CX Management Console, go to Dashboard and check the SBC registration status. The SBC should show up as “Registered” and the status should be green.

    2. Test Phone Connectivity

    • Ensure that the SIP phones are now registering with the 3CX system via the SBC.
    • Make test calls between extensions and external numbers (if configured).
    • Verify audio and call quality.

    3. Monitor SBC Traffic (Optional)

    • If you want to monitor SBC traffic, you can check the logs on your SBC device (located in /var/log/ for Linux or in the installation directory for Windows).

    Step 6: Security Considerations

    1. Use Secure SIP (TLS):
      • Enable TLS encryption for SIP traffic between the phones, SBC, and cloud 3CX server to avoid eavesdropping.
      • Use the SBC’s secure ports (5061 for SIP TLS).
    2. Firewall and NAT Configuration:
      • Make sure that the necessary ports are open on your local router/firewall to allow SIP and RTP traffic to pass through.
      • Use STUN (Session Traversal Utilities for NAT) to help with NAT traversal if phones are behind NAT devices (routers).
    3. Regular Updates:
      • Keep your SBC and 3CX system up to date to ensure security patches are applied.

    Conclusion

    You have now successfully set up an SBC to connect your local phones to a cloud-hosted 3CX system. The SBC ensures secure and reliable communication between your local network and the cloud server, preventing direct exposure of internal SIP devices to the public internet. This setup provides additional security and network optimization for your 3CX phone system.

    If you need more assistance or run into any issues, feel free to ask!

  • You must be logged in to reply to this topic.
en_USEnglish
arArabic en_USEnglish