I'm not sure about the NAT ports.


Me, when the customer asks me for remote extensions without VPN, and even worse when the firewall is not managed by me, I have them sign a release for me.


We should have a dedicated section for Feature Request where we can vote for what we really need/want.


I think it was everyone’s wish. I confirm.


You should! Because you don’t want trouble for doing what they wanted. I would do the same (I manage most of my customers’ firewalls).


T-Mobile did not provide, but a search here does -
https://ipinfo.io/AS812 (rogers canada)

Certainly a wide arrangement, and perhaps not useful for all locales, but it is what it is.


Nice tool, thanks!


https://ipinfo.io/AS12876 (damiano)


We should make a reference topic of these, here’s Bell for Canadian users: https://ipinfo.io/AS36522


I too like the 3CX app using the tunnel. Makes it easier to tie down firewall rules. Even with GS wave you can write firewall rules filtering on MAC address in iptables. Makes it trivial to allow/deny access to a mobile device.


I forgot the most important question:
Scenario -> only local extensions and SIP trunks registered on the provider: in this case, do you do the NAT of the RTP and SIP ports, or is it not necessary?


You will need RTP forwarding, and 5060 forwarding to your UCM. The provider sends the INVITE there. I know it CAN work without port forwarding but to prevent any audio/call issues, I always forward them.
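An added example, not code from any poster in this thread: one way to scope the SIP and RTP port forwards discussed above to the provider's published source ranges instead of the whole internet. The WAN interface name, the UCM address, the RTP range 10000-20000, SIP over UDP and the sample prefixes (documentation ranges) are all assumptions; use the values configured on your own PBX and the ranges your provider publishes.

```python
import ipaddress

def build_rules(allowed, ucm_ip, wan_if="eth0", sip_port=5060,
                rtp_range=(10000, 20000), min_prefix=8):
    """Return iptables commands that forward SIP and RTP (UDP) to the PBX
    only from allowlisted IPv4 source networks."""
    nets = []
    for cidr in allowed:
        # strict=True rejects entries with host bits set, e.g. 198.51.100.7/24
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4:
            raise ValueError(f"{cidr}: iptables handles IPv4 only")
        # Guard against a typo such as 0.0.0.0/0 opening the forward to everyone
        if net.prefixlen < min_prefix:
            raise ValueError(f"{cidr} is broader than /{min_prefix}")
        nets.append(net)
    ucm = ipaddress.ip_address(ucm_ip)
    rules = []
    # Merge adjacent or overlapping prefixes so the rule set stays short
    for net in ipaddress.collapse_addresses(nets):
        for dport in (str(sip_port), f"{rtp_range[0]}:{rtp_range[1]}"):
            # DNAT only matches allowlisted sources; other traffic is never
            # translated, so it does not reach the PBX through this forward.
            rules.append(
                f"iptables -t nat -A PREROUTING -i {wan_if} -s {net} "
                f"-p udp --dport {dport} -j DNAT --to-destination {ucm}")
            # Matching FORWARD accept, for firewalls with a default-drop policy
            rules.append(
                f"iptables -A FORWARD -i {wan_if} -s {net} -d {ucm} "
                f"-p udp --dport {dport} -j ACCEPT")
    return rules

# Constructed sample input: RFC 5737 documentation prefixes standing in
# for a provider's published ranges.
SAMPLE_PREFIXES = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]

if __name__ == "__main__":
    for rule in build_rules(SAMPLE_PREFIXES, "192.168.1.10"):
        print(rule)
```

The function only prints the commands; review them before applying, and re-run it when the provider's ranges change.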


I ask this question because there are two categories of installers: those who do not do any NAT in this condition, and those like you who do NAT of the ports.
I always do NAT, but I wanted to hear your opinion.


What you say is correct, but only if the remote cell phone is connected over Wi-Fi; then it is valid to filter the MAC of the cell phone. But what if the same cell phone uses the data of the provider?


I know that NAT is a pain sometimes and that’s why I always prefer to open the ports and just filter out bad things. This way, when an issue occurs, you have one less stage of the connection to check.


I agree with you, but sometimes you find yourself at the customer’s, and the computer of the customer who manages the firewall refuses to do the NAT of the ports because, in his way of seeing it, there is no need to do the NAT of any port. Sometimes you explain and you can get the result, other times there is no way. In that case the customer signs a release for me, so at least he knows that it is not the ideal situation.


I do the same. I tell them my recommendations and if they don’t wanna go with it, there are specific clauses in the contracts that say “if you don’t follow our recommendations, we can’t guarantee 100% uptime” (in other words).

ALWAYS make them sign a waiver. You don’t want to be blamed for a bad decision the customer made.