Firewall blocks SCCP/Skinny Protocol traffic

For documentation purposes mostly, this is a reminder that it is important to open port 2000 through the local zone if you are running the base Asterisk Skinny protocol module or the more complete Chan-SCCP-B module.

Both systems use port 2000 to communicate with the server. Since the basic setting in the firewall module is to block any unknown ports, it gets blocked. If it gets blocked, the phones can’t register and you spend the whole afternoon trying to figure out what you could have possibly screwed up.

The solution is to add port 2000 (TCP and UDP) to the firewall. Do this by clicking “Connectivity” -> “Firewall” -> “Services” -> “Custom Services” -> “Create a New Service”. I called mine “SCCP” with the port number of 2000 in the TCP and UDP zones.

In case I don’t remember on Monday, can you open a bug against firewall for this, please?

Quick side note: the solution to this problem was to add port 2000 as a special service in the Integrated Firewall. That worked well until a couple of weeks ago.

The port was working for the past five years, and now whenever I enable the Firewall, it kills my defined port 2000 and locks all my phones out. I have to disable the firewall to get it back.

There’s something amiss in the “custom” services that doesn’t pull the old port definition into the configuration. I just tried creating a new one (using TCP and UDP) and it seems to be working fine, so the problem is probably just a transitional oddness that other services may need to look for.
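
A check for the failure described in the last post, where a custom service is defined but its port never reaches the active rules. This is an added example, not part of the thread or of the firewall module's code; it assumes standard `iptables-save` text as input, and the sample ruleset and the chain name `custom-svc` are constructed.

```python
import re

# Constructed sample of `iptables-save` output; the chain name is made up.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:custom-svc - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -j custom-svc
-A custom-svc -p tcp -m tcp --dport 2000 -j ACCEPT
-A custom-svc -p udp -m multiport --dports 1990:2010,4569 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2000 -j DROP
COMMIT
"""
RULE = re.compile(r"^-A (\S+) (.*)$")

def port_in_spec(port, spec):
    """True if port is covered by a --dport/--dports value like '2000' or '1990:2010,4569'."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        try:
            low = int(lo) if lo else 0
            high = int(hi) if hi else (65535 if sep else low)
        except ValueError:  # named service; not resolved here
            continue
        if low <= port <= high:
            return True
    return False

def rules_for_port(ruleset, port):
    """Return (chain, proto, target) for each rule whose destination port covers `port`."""
    hits = []
    for line in ruleset.splitlines():
        m = RULE.match(line)
        if not m:
            continue
        chain, body = m.groups()
        proto = re.search(r"(?:^| )-p (\S+)", body)
        dport = re.search(r"(! )?--dports? (\S+)", body)
        target = re.search(r"(?:^| )-[jg] (\S+)", body)
        if proto and dport and not dport.group(1) and port_in_spec(port, dport.group(2)):
            hits.append((chain, proto.group(1), target.group(1) if target else None))
    return hits

def missing_protocols(ruleset, port, wanted=("tcp", "udp")):
    """Protocols with no non-blocking rule for `port`. Rule order is not evaluated."""
    present = {p for _, p, t in rules_for_port(ruleset, port) if t not in ("DROP", "REJECT")}
    return [p for p in wanted if p not in present]
```

Feed it the output of `iptables-save` captured with the firewall enabled; a non-empty result from `missing_protocols(text, 2000)` means the custom service did not make it into the running rules.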
