How to enable the connection to 70 sip phones to a pbx in the cloud?

  • Hi, guys thanks for time and help

    I am Migrating my current Firewall from CISCO ASA to pFsense,
    My problem is that when I try to use pfsense as gw of the network of 70 phones only connect 38 as maximum to the pbx and also the calls between phones does not progress, but with cisco asa everything works fine configure my pfsense based on This document

    1 -
    2 -

    ASA Configuration:
    object-group service ASTERISK
    service-object tcp-udp range 10000 20000
    service-object tcp eq sip
    service-object udp eq sip
    service-object tcp eq 5061
    service-object udp eq 5061
    service-object icmp

    I do not work

    note: i am using pFsense last version
    Modify message

  • Netgate Administrator

    This is phones only behind pfSense and an external PBX?

    Can you describe exactly what happens when the phones are not working correctly? No incoming calls? No outgoing calls? No audio etc?


  • Thanks for your time

    this is my connection:

    Phone(SIP 5060)–--> PFSENSE---->ISP----->INTERNET---->CLOUD PBX (only 38 phone work from 70)
    Phone(SIP 5060-----> CISCOASA--->ISP---->INTERNET---->CLOUD PBX (All phone working)

    1 - from 70 Phone only 38 works whit incoming/outgoing calls and sound.
    2 - some times i lose phone registration to the PBX
    3 - on sip show peers i can see my wan ip but many phones say unrachable

  • Sounds like a firewall issue… are you sure you've mirrored the cisco config to pfsense?

    If you disconnect a working phone does one of the non working start to work?

  • Netgate Administrator

    Hmm, yes is it always the same 38 phones that work?

    So the non-working phones are not able to place or receive calls and sometimes lose registration entirely?


  • Remember that the ASA is "SIP Aware" , and it's default enabled under services.
    Not that it should do something to a conn limit.

    Also you have port 5061 in your ASA rules , and refer to 5060 in the pfsense examples.

    Someone here mentioned using siproxd , on pfsense

    SIP and NAT requires some thoughts , or a sip aware proxy to "modify" "the inside ip addr" , to the "outside addr" , in the "payload"

    All of that stuff is being done by default , in the ASA.


Log in to reply