Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 3090 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Weird Issue with SIP traffic

Darren Walkeden

Hi all,

 

I wonder if anyone can help.

 

We have a weird issue with our XG firewalls and SIP traffic. We set the firewalls up according to our SIP providers information and calls are working perfectly ina nd out. However when an external caller dials in they don't get the usual 'ringing' noise at their end to let them know the call is going through; it's just silent.

 

I got on to Sophos support aout the issue (after speaking to our SIP provider whoc onfirmed as far as they are converned everything is set up correctly) and they suggested enabling the SIP module that comes with the firewalls. (It had been disabled per the instructions from our SIP provider). This did in fact resolve the issue of the 'ringing' sound when an external caller dialled in, but caused another issue in that there was then no audio on the call either way... Frustrating.

 

I have asked support if it's possible to 'recreate' what the SIP module does using firewall rules, as clearly it does something that resolves our issue. I haven't had a reply.

 

Has anyone else experinced this issue before? Our phone system is on-site; not a hosted system.

 

This has been going on for months now and noone seems to be able to get to the bottom of it. I now need it resolving as it makes us look very unprofessional.

 

Thanks in advance.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Darren,

    Sorry to hear that we were not able to help you in your case for this issue.
    Do you have a static public IP that you are using specifically for your phone system?

    If possible, please send screenshots of the firewall rules you have configured for your phone system.

    Regards,

    Bryan Yang
    Community Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to OhGeez

    Hi Bryan,

    Thanks for your response.

    We do have a static public IP for our phone system. Screen shot below of the rules we have set up in our firewall:

    The 'Samsung MP20' services include the following ports: 5003 TCP, 6000 UDP, 6001 TCP, 8000 UDP, 9012 TCP, 5090 TCP and 5060 UDP.

    The 'Samsung MP20s' services in this rule contain the following port ranges: 30000:30031 UDP, 35000:35127 UDP, 38000:38127 UDP and 40000:40127 UDP.

     

    From what I understand from our Phone system provider is that the first rule (the MP20) is the signalling traffic and then the MP20s rule is the actual data. (I may have that wrong though). The MP20 and MP20s are two seperate physical cards in the phone system which is why the traffic has to be split out this way.

    Thanks again,

    Darren

  • 0 in reply to Darren Walkeden

    I've used Gamma SIP trunks with XG's without a problem, I've always had SIP ALG turned off though.

     

    There was a bug where SIP got royally screwed up but if you are running 17.5 onwards that shouldn't be an issue (what was a mismatch in the ports used on the inside and outside of the firewall for the media streams leading to people getting other peoples calls).

    You can take a trace of SIP traffic and you'll see all the call setup information in there, it's in plain text and is easy to understand. Take a TCPDUMP off the XG and from the PBX and compare them to see if there's any errors or a mismatch in ports used.

    When Sophos were fixing the previous bug I mentioned they used a service group for the list ports instead of just a service with all the different options in it. Might be worth a go, but otherwise it's normally just a case of the right firewall rules and off you go, different internal IP addresses aren't uncommon. Your firewall rules look just fine.

    Sorry it's not the silver bullet you were after.

    Regards

Reply
  • 0 in reply to Darren Walkeden

    I've used Gamma SIP trunks with XG's without a problem, I've always had SIP ALG turned off though.

     

    There was a bug where SIP got royally screwed up but if you are running 17.5 onwards that shouldn't be an issue (what was a mismatch in the ports used on the inside and outside of the firewall for the media streams leading to people getting other peoples calls).

    You can take a trace of SIP traffic and you'll see all the call setup information in there, it's in plain text and is easy to understand. Take a TCPDUMP off the XG and from the PBX and compare them to see if there's any errors or a mismatch in ports used.

    When Sophos were fixing the previous bug I mentioned they used a service group for the list ports instead of just a service with all the different options in it. Might be worth a go, but otherwise it's normally just a case of the right firewall rules and off you go, different internal IP addresses aren't uncommon. Your firewall rules look just fine.

    Sorry it's not the silver bullet you were after.

    Regards

Children
  • 0 in reply to carbon15

    Thanks for the reply guys.

    We've managed to get round the issue by adding a new rule that allows any service out from the voice card on our phone system. So I can only assume that there was some port information missing from the initial information we were provided during set up. Will be taking this up with the system providers.

    Appreciate everyone's input on the thread all the same.

    Thanks.