3CX NZ Setup Guide & Tutorial

3CX Setup Guide for UFONE (Supported by 3CX) in New Zealand
Firstly, make sure that the computer/server power scheme is on 'High performance' -- this ensures that the computer operates at maximum performance and it will not goes into sleep mode after 30 minutes (Windows default).
  1. Computer Name format is CompanyName-3CX
  2. Assign IP and make sure that the server is configured for the client’s network (3CX Server IP is NOT designed to be changed after installation) — Add client’s IP as secondary IP if needed!!
  3. Go to https://www.3cx.com/phone-system/download-links/ — and download the latest 3CX Server
  4. After installation done, you will be asked whether you want to continue using web browser (press 1) or CLI (press 2)
  5. Windows Firewall popup might also occur and in that case; tick all network to make sure 3CX is allowed to connect to all the networks.
  6. 3CX Management Console credentials, setup the username (e.g. 3cxadmin) and you can also use the same password with Windows’.
  7. Public IP Address, open up https://www.whatismyip.com/
  8. Configuring FQDN: Select ‘I need a 3CX FQDN.’ — Enter Client’s Name as Subdomain and, Select a 3CX Domain: Select New Zealand (*.3cx.co.nz)
  9. Select Local IP and make sure to choose the client’s IP again here.
  10. ===WAIT=== it might take some time during the ‘Creating FQDN and certificates…’ process, that is perfectly normal.
  11. Set HTTPS port to 443 and HTTP port to 80 if those ports are not currently in use.
  12. Login to 3CX Management Console for the first time, the best practice is to use: ‘3 Digits (000-999)’ — be aware, this cannot be changed later!!
  13. 3CX Phone System Admin Email: your@admin-email.add
  14. Use mail server (necessary, I’d personally recommend using SendGrid):
    » Mail Server IP or FQDN: smtp.sendgrid.net
    » Reply To Address: 3cx@intra.saputra.local
    » Email: companysmtp (e.g. saputrasmtp)
    » Password: companysmtp’s sendgrid password
    » Enable SSL/TLS: ticked
    » Perform ‘TEST’ and make sure you get this message: ‘Mail sent’ in green colour.
  15. Select Country: New Zealand, Set the Time Zone: +12:00 New Zealand (Wellington, Auckland)
  16. Select Language: UK English Prompts Set (or select Aussie/NZ Prompts Set if available)
  17. Registration Details:
    License Key: (leave it alone)
    Contact Name: Systems Administrator
    Company Name: (e.g. Saputra Enterprises Ltd.)
    Email: use@real-email.here
    Phone: +64-9-xxxxxxx
    Country: New Zealand
  18. If there are any updates available (it will be indicated by red bubble on the Updates link)
  19. Go to Updates Page, tick ‘Automatic updates’, select ‘Weekly 0:00 every Sunday’ — DO NOT tick the 3CX PBX updates (this will make sure all clients/templates are updated while leaving the PBX system untouched to avoid undesirable unknown update effect)
  20. Add SIP Trunk / VoIP Provider:
    Country: NZ
    Provider: UFONE
    Main Trunk Number is the Main Phone Number, e.g. ‘649xxxxxxx’ — FORMAT MUST BE LIKE THIS, OTHERWISE WILL NOT WORK!!
  21. Trunk Details:
    Enter name for Trunk: leave it UFONE
    Registrar/Server/Gateway Hostname or IP: see credentials, e.g. ‘xxxxxx.sip.ufone.co.nz’
    SIM Cals: depending on the UFONE contracts, e.g. 2
    Authentication ID: see sip username
    Authentication Password: see sip password
  22. CREATE INBOUND RULES, put ‘UFONE’ as Inbound rule name just click OK to create (might need to repeat depending on how many numbers they have)
    1. Emergency 111:
      » Calls to numbers starting with prefix: 111
      » Calls to Numbers with a length of: 3
      » Route 1: ‘UFONE’ / Strip Digits ‘0’ / Prepend ”
      » Route 2: ‘UFONE’ / Strip Digits ‘0’ / Prepend ’64’
      » Route 3: ‘BLOCK CALLS’ / Strip Digits ‘0’
    2. International:
      » Calls to numbers starting with prefix: 00
      » Route 1: ‘UFONE’ / Strip Digits ‘2’ / Prepend ‘+’
      » Route 2: ‘UFONE’ / Strip Digits ‘0’ / Prepend ”
      » Route 3: ‘BLOCK CALLS’ / Strip Digits ‘1’
    3. National + Mobile + Tollfree:
      » Calls to numbers starting with prefix: 0
      » Route 1: ‘UFONE’ / Strip Digits ‘1’ / Prepend ’64’
      » Route 2: ‘BLOCK CALLS’ / Strip Digits ‘1’
    4. Local 09:
      » Calls to Numbers with a length of: 7
      » Route 1: ‘UFONE’ / Strip Digits ‘0’ / Prepend ‘649’
      » Route 2: ‘BLOCK CALLS’ / Strip Digits ‘1’
    5. Catch All:
      » Route 1: ‘UFONE’ / Strip Digits ‘0’ / Prepend ”
      » Route 2: ‘BLOCK CALLS’ / Strip Digits ‘1’
  24. Go to Windows DHCP server, on IPv4 -» Scope [LAN_IP] [Domain] -» right click on Scope Options -» select Configure Options -» and tick option 66 (Boot Server Host Name), add provisioning http URL from 3CX (e.g. ‘’)
  25. Back to 3CX Management Console, click Phones -» Add Phone -» Choose Extension (e.g. 303) -» Choose from available models (e.g. GXP-1628) and add the mac address of the phone (e.g. ‘000b82a347ab’) -» click OK and OK again to close the extension window.
  26. Go to that phone’s web interface using IP address, enter on browser (e.g. login using admin:admin and reboot the phone so that it will be provisioned on the next boot.
  27. Setup port forwarding on the router/firewall to the 3CX server IP address for the ports specified below:
    » Default SIP port is 5060 UDP and TCP;
    » Default RTP ports are 9000-9500 UDP only (please also open these ports in Firewall, and it will not make our network vulnerable as the RTP ports are on-demand, so 3CX will only open when it’s required)
    » Default Tunnel port is 5090 UDP and TCP;
    » Default https port 5001 or can also 443 TCP.

Another phone provisioning method:

» Configuring the provisioning server via the Grandstream GXP series web interface

Step 1: Configure the phone in 3CX

  1. Log in to your 3CX Management Console ⇒ Phones ⇒ press “Add Phone.”

  1. Pick an extension from the list to which the IP phone shall be assigned.

  1. Select the model and enter the MAC address of the device which can be found on the back of the device itself.

  1. Optional set the “Phone Display Language” and “Timezone” for the device.

  1. Take a copy of the “Provisioning Link” which needs to be entered into the Grandstream GXP in step 2.

Step 2: Enter the Information into the Web Interface of the device

  1. Open the Web Interface of the Grandstream phone and login (default password is admin).
  2. Navigate to “Maintenance” ⇒ “Upgrade and Provisioning.”
  3. Set the “Upgrade via” to HTTP.
  4. In “Configuration Server Path” and “Firmware Server Path” enter the provisioning link taken from step 1 and paste in without http://”
    (example: pbx.mybusiness.local/provisioning/pc56bscs195k)
  5. Press “Save and Apply” and “Reboot” which can be found in the top right corner of the Grandstream web interface.

Grandstream GXP1628/GXP2140/GXP2160 attended transfer fix:

Go to Phone UI -» Settings -» Call Features -» » Auto-Attended Transfer (by default: No) — set to “Yes”, and the phone will use attended transfer by default.

3CX Notes & Best Practices

I attended 3CX training on 6-7 March 2017 at the Grand Millennium Hotel, Auckland CBD. Here are my notes and tips for 3CX best practices, please feel free to add by posting a comment down below.

  • As of March 2017, Sonicwall Firewall requires a hotfix to be able to work properly with 3CX.
  • SIP port is used just for signaling, RTP ports used for audio and videos.
  • If 3CX is not on 5060, there will be NO PnP Provisioning.
  • STUN tells source IP of the 3CX.
  • Main trunk number = phone number.
  • Full cone NAT (i.e. static NAT) is required:
    » A full cone NAT (also known as a one to one NAT) is the only type of NAT where the port is permanently open and allows inbound connections from any external host. A full cone NAT maps a public IP address and port to a LAN IP and port. Any external host can send data to the LAN IP through the mapped NAT IP and port. If it tries to send data through a different port, it will fail. This type of NAT is also known as port forwarding. This NAT type is the least restrictive type of NAT; the only requirement is that the connection comes in on a particular port (the one you opened).
    Example –  A server has a website running on port 80. We create a one-to-one rule that maps the router WAN IP of to with port 80 to port 80. Any external host that sends data to on port 80 is NAT-ed (and sent) to port 80.
    Note: The port numbers do not have to be the same; We could run my website on port 8080 but create the NAT mapping to forward port 80 to port 8080. This port gives the appearance to the public Internet that my website is on port 80. A connection attempt on any other port is dropped.
  • Disable SIP ALG (Application Layer Gateway) at Router / Firewall (MUST DO, ELSE WILL CREATE ISSUES WITH 3CX!!)
  • » Default SIP port is 5060 UDP and TCP;
    » Default RTP ports are 9000-9500 UDP only (please also open these ports in Firewall, and it will not make our network vulnerable as the RTP ports are on-demand, so 3CX will only open when it’s required)
    » Default Tunnel port is 5090 UDP and TCP;
    » Default https port 5001 or can also 443 TCP.
  • 3CX version 15 requires .NET 4.6.1 — older .NET will cause unexpected behaviours.
  • Please run 3CX on a dedicated instance when possible, NEVER run these service along with 3CX:
    » Microsoft Exchange;
    » Microsoft SQL Server;
    » DNS Server;
    » VPN Server.
  • When there are around 50 simultaneous users, the best practice would be to run 3CX on a Server OS and not a Desktop OS, as Server OS handles network traffic better than a Desktop OS.
  • When configuring outbound dialling, replace + with 00.
  • Setup exclusion on 3CX Program Files and Program Data folders on Anti-Virus & Windows Firewall.
  • Disable any other NIC such as WAN Miniport, Wi-Fi, Bluetooth, etc.
  • Only >Pro version has the failover feature.
  • Do NOT change LAN IP of the 3CX server once setup finished — if setting up for a client on office, setup 3CX with their network configuration.
  • Create A record for the 3CX FQDN.
  • Turn on scheduled nightly backup plan.
  • Keep OS and 3CX on latest update as possible.
  • Uninstalling / Migration: Always copy backup folder before uninstalling 3CX server as the default backup folder will be deleted after the uninstall process finished.
    e.g. C:\ProgramData\3CX\Instance1\Data\Backups
  • Uninstalling: Release the IP from the 3CX Customer Portal: https://customer.3cx.com/
  • Maintenance: Always reboot Windows when there’s a chance so that 3CX can do its housekeeping.
  • SIP Fork is when more than one device on the same extension (e.g. already have IP Phone, installing 3CX client on computer)
  • Plan and add emergency numbers, ensure they are on the top of rules, avoid using extensions that being used by country’s emergency number, e.g. 111 (NZ emergency number) or 911 (US emergency number)
  • It is possible to set up sync between Office 365 & Google contacts and 3CX using the 3CX client.

Enable Verbose Service Startup/Shutdown Messages on Windows

Open up regedit.exe and head to the following key, creating it if the key path isn’t there:


Once you are there, create a new 32-bit DWORD on the right-hand side named VerboseStatus, giving it a value of 1.

Now when you start up or shut down, you’ll see more verbose messages telling you what is taking so long.

I have created lazy way to do it, just copy the code below:

Windows Registry Editor Version 5.00


Save as .reg file and run as administrator as we need to edit the HKLM.

I have tested this on Windows 7 SP 1, Windows 8, Windows 8.1 and Windows 10 version 1607 (Anniversary Update)